suse · CVE-2016-8670

Quick triage

Priority: medium 公開: 2021-05-30 13:46:56 UTC Updated: 2026-04-18 15:57:39 UTC

参照: Official suse advisory, NVD, CVE.org · CVE 詳細

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-8670 severity moderate: SUSE including 222 source package names (apache2-mod_php5-5.2.14-0.7.30.97.1, apache2-mod_php5-5.5.14-83.1, …), 336 product×package rows across 34 product lines (Container caasp/v4/nginx-ingress-controller, Image SLES12-SP5-Azure-SAP-BYOS, … (34 product lines)): Fixed 336.

Description:

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.

cvelogic Threat Intelligence