DEBIAN-CVE-2016-9933

DEBIAN-CVE-2016-9933 PUBLISHED CVSS 7.5 HIGH

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	libgd2	0, 0, 0
Debian:12	libgd2	0, 0, 0
Debian:14	libgd2	0, 0, 0
Debian:11	libgd2	0, 0, 0

Timeline

Jan 4, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-9933 advisory

Open in Interactive Console →