| Bug ID | 1015187 |
|---|---|
| Summary | VUL-0: CVE-2016-9933: php: imagefilltoborder stackoverflow on truecolor images |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Reference: http://seclists.org/oss-sec/2016/q4/658 =================================================== Fixed in PHP 5.6.28, 7.0.13 and 7.1.0: Bug #72696 imagefilltoborder stackoverflow on truecolor images https://bugs.php.net/bug.php?id=72696 https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1 Use CVE-2016-9933. The scope of this CVE is only the missing "color < 0" test in older versions. https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e is also about comparisons to "im->colorsTotal - 1" - if that's also a libgd vulnerability fix, and someone wants a CVE ID for that, please let us know. ===================================================