High severity7.5NVD Advisory· Published Jan 4, 2017· Updated Jun 17, 2026
CVE-2016-9933
CVE-2016-9933
Description
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26- Range: <2.2.2
- osv-coords23 versionspkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
< 2.1.0-20.1+ 22 more
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 2.0.36.RC1-52.29.1
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 2.0.36.RC1-52.29.1
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 2.0.36.RC1-52.29.1
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 2.1.0-20.1
- (no CPE)range: < 5.3.17-94.1
- (no CPE)range: < 5.3.17-94.1
- (no CPE)range: < 5.3.17-94.1
- (no CPE)range: < 5.5.14-89.2
- (no CPE)range: < 5.5.14-89.2
- (no CPE)range: < 5.5.14-89.2
- (no CPE)range: < 7.0.7-28.2
- (no CPE)range: < 7.0.7-28.2
- (no CPE)range: < 7.0.7-28.2
Patches
Vulnerability mechanics
References
15- github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40envdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2016/12/12/2nvdThird Party Advisory
- www.php.net/ChangeLog-5.phpnvdRelease NotesVendor Advisory
- www.php.net/ChangeLog-7.phpnvdRelease NotesVendor Advisory
- bugs.php.net/bug.phpnvdVendor Advisory
- github.com/libgd/libgd/issues/215nvdVendor Advisory
- github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1nvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2016-12/msg00133.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-12/msg00142.htmlnvd
- lists.opensuse.org/opensuse-updates/2017-01/msg00002.htmlnvd
- lists.opensuse.org/opensuse-updates/2017-01/msg00034.htmlnvd
- lists.opensuse.org/opensuse-updates/2017-01/msg00054.htmlnvd
- www.debian.org/security/2017/dsa-3751nvd
- www.securityfocus.com/bid/94865nvd
- access.redhat.com/errata/RHSA-2018:1296nvd
News mentions
0No linked articles in our index yet.