製品・ソフトウェアに関する情報

JVN脆弱性詳細

PHP で使用される GD Graphics Library の gd.c の gdImageFillToBorder 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	PHP で使用される GD Graphics Library の gd.c の gdImageFillToBorder 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	PHP で使用される GD Graphics Library (別名 libgd) の gd.c の gdImageFillToBorder 関数には、スタックの消費により、サービス運用妨害 (セグメンテーション違反) 状態にされる脆弱性が存在します。
Possible impacts	リモートの攻撃者により、負の color 値の使用を誘発する巧妙に細工された imagefilltoborder コールを介して、サービス運用妨害 (セグメンテーション違反) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 10, 2016, midnight
Registration Date	Jan. 16, 2017, 5:03 p.m.
Last Update	Jan. 16, 2017, 5:03 p.m.

CVSS3.0 : 重要
Score	7.5
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

The PHP Group

PHP 5.6.28 未満

PHP 7.0.13 未満の 7.x

LibGD project

LibGD 2.2.2 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-9933	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933
National Vulnerability Database (NVD)
2	CVE-2016-9933	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9933

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
GitHub
1	fix #215 gdImageFillToBorder stack-overflow when invalid color is used	https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
2	Fix #72696: imagefilltoborder stackoverflow on truecolor images	https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
3	gdImageFillToBorder stack-overflow when invalid color is used #215	https://github.com/libgd/libgd/issues/215
PHP Bugs
4	Sec Bug #72696	https://bugs.php.net/bug.php?id=72696
The PHP Group
5	PHP 5 ChangeLog	http://www.php.net/ChangeLog-5.php
6	PHP 7 ChangeLog	http://www.php.net/ChangeLog-7.php

Change Log

No	Changed Details	Date of change
0	[2017年01月16日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-9933

Summary	Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
Publication Date	Jan. 5, 2017, 5:59 a.m.
Registration Date	Jan. 26, 2021, 2:21 p.m.
Last Update	Nov. 21, 2024, 12:02 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:libgd:libgd:2.2.1:::::::*
execution environment
1	cpe:2.3:a:php:php::::::::
2	cpe:2.3:a:php:php:7.0.0:::::::*
3	cpe:2.3:a:php:php:7.0.1:::::::*
4	cpe:2.3:a:php:php:7.0.2:::::::*
5	cpe:2.3:a:php:php:7.0.3:::::::*
6	cpe:2.3:a:php:php:7.0.4:::::::*
7	cpe:2.3:a:php:php:7.0.5:::::::*
8	cpe:2.3:a:php:php:7.0.6:::::::*
9	cpe:2.3:a:php:php:7.0.7:::::::*
10	cpe:2.3:a:php:php:7.0.8:::::::*
11	cpe:2.3:a:php:php:7.0.9:::::::*
12	cpe:2.3:a:php:php:7.0.10:::::::*
13	cpe:2.3:a:php:php:7.0.11:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html
2	http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html
3	http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
4	http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
5	http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html
6	http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html
7	http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
8	http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
9	http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
10	http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
11	http://www.debian.org/security/2017/dsa-3751
12	http://www.debian.org/security/2017/dsa-3751
13	http://www.openwall.com/lists/oss-security/2016/12/12/2	Third Party Advisory
14	http://www.openwall.com/lists/oss-security/2016/12/12/2	Third Party Advisory
15	http://www.php.net/ChangeLog-5.php	Release Notes Vendor Advisory
16	http://www.php.net/ChangeLog-5.php	Release Notes Vendor Advisory
17	http://www.php.net/ChangeLog-7.php	Release Notes Vendor Advisory
18	http://www.php.net/ChangeLog-7.php	Release Notes Vendor Advisory
19	http://www.securityfocus.com/bid/94865
20	http://www.securityfocus.com/bid/94865
21	https://access.redhat.com/errata/RHSA-2018:1296
22	https://access.redhat.com/errata/RHSA-2018:1296
23	https://bugs.php.net/bug.php?id=72696	Vendor Advisory
24	https://bugs.php.net/bug.php?id=72696	Vendor Advisory
25	https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e	Patch Vendor Advisory
26	https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e	Patch Vendor Advisory
27	https://github.com/libgd/libgd/issues/215	Vendor Advisory
28	https://github.com/libgd/libgd/issues/215	Vendor Advisory
29	https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1	Vendor Advisory
30	https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:libgd:libgd:2.2.1:::::::*
execution environment
1	cpe:2.3:a:php:php::::::::
2	cpe:2.3:a:php:php:7.0.0:::::::*
3	cpe:2.3:a:php:php:7.0.1:::::::*
4	cpe:2.3:a:php:php:7.0.2:::::::*
5	cpe:2.3:a:php:php:7.0.3:::::::*
6	cpe:2.3:a:php:php:7.0.4:::::::*
7	cpe:2.3:a:php:php:7.0.5:::::::*
8	cpe:2.3:a:php:php:7.0.6:::::::*
9	cpe:2.3:a:php:php:7.0.7:::::::*
10	cpe:2.3:a:php:php:7.0.8:::::::*
11	cpe:2.3:a:php:php:7.0.9:::::::*
12	cpe:2.3:a:php:php:7.0.10:::::::*
13	cpe:2.3:a:php:php:7.0.11:::::::*