Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2016-9933

Public on 2017-01-04
Modified on 2017-01-26
Description

An infinite recursion flaw was found in the gdImageFillToBorder() function from the gd library; also used by PHP imagefilltoborder() function, when passing a negative integer as the color parameter, triggering a stack overflow. A remote attacker with ability to force a negative color identifier when calling the function could crash the PHP application, causing a Denial of Service.

Severity
Low
See what this means
CVSS v3 Base Score
3.3
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 php56 2017-01-26 18:00 ALAS-2017-787
Amazon Linux 1 php70 2017-01-26 18:00 ALAS-2017-788

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P
Amazon Linux CVSSv3 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
NVD CVSSv2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD CVSSv3 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H