[Bug 1015187] New: VUL-0: CVE-2016-9933: php: imagefilltoborder stackoverflow on truecolor images
http://bugzilla.opensuse.org/show_bug.cgi?id=1015187 Bug ID: 1015187 Summary: VUL-0: CVE-2016-9933: php: imagefilltoborder stackoverflow on truecolor images Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Reference: http://seclists.org/oss-sec/2016/q4/658 =================================================== Fixed in PHP 5.6.28, 7.0.13 and 7.1.0: Bug #72696 imagefilltoborder stackoverflow on truecolor images https://bugs.php.net/bug.php?id=72696 https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80... Use CVE-2016-9933. The scope of this CVE is only the missing "color < 0" test in older versions. https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb4... is also about comparisons to "im->colorsTotal - 1" - if that's also a libgd vulnerability fix, and someone wants a CVE ID for that, please let us know. =================================================== -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1015187 Mikhail Kasimov <mikhail.kasimov@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2016-9933 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com