PublicDateAtUSN: 2017-01-04
Candidate: CVE-2016-9933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933
http://www.openwall.com/lists/oss-security/2016/12/12/2
https://usn.ubuntu.com/usn/usn-3213-1

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c
in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before
5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of
service (segmentation violation) via a crafted imagefilltoborder call that
triggers use of a negative color value.

mdeslaur> php uses the system libgd2
https://bugs.php.net/bug.php?id=72696
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849038

upstream: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
upstream_libgd2: released (2.2.2)
precise_libgd2: released (2.0.36~rc1~dfsg-6ubuntu2.4)
trusty_libgd2: released (2.1.0-3ubuntu0.6)
vivid/stable-phone-overlay_libgd2: DNE
vivid/ubuntu-core_libgd2: DNE
xenial_libgd2: released (2.1.1-4ubuntu0.16.04.6)
yakkety_libgd2: released (2.2.1-1ubuntu3.3)
devel_libgd2: not-affected (2.2.3-87-gd0fec80-3)

upstream_php5: needs-triage
precise_php5: not-affected (uses system gd)
trusty_php5: not-affected (uses system gd)
vivid/ubuntu-core_php5: DNE
vivid/stable-phone-overlay_php5: DNE

upstream_php7.0: needs-triage
vivid/ubuntu-core_php7.0: DNE
vivid/stable-phone-overlay_php7.0: DNE
xenial_php7.0: not-affected (uses system gd)
yakkety_php7.0: not-affected (uses system gd)
devel_php7.0: not-affected (uses system gd)