CVE-2013-7456

Published: Aug 7, 2016Modified: May 6, 2026

7.6

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Exploitability: 2.8 / Impact: 4.7

Source: NVD

Description

gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.

Affected (1)

Products: Libgd: Libgd

1 product

Configuration A

1 vulnerable · 38 platform

Vulnerable Software	Affected Versions
Libgd Libgd	Version 2.1.0

Running on/with	Platform Versions
Php Php	Up to 5.5.35
Php Php	Version 5.6.0 alpha1
Php Php	Version 5.6.0 alpha2
Php Php	Version 5.6.0 alpha3
Php Php	Version 5.6.0 alpha4
Php Php	Version 5.6.0 alpha5
Php Php	Version 5.6.0 beta1
Php Php	Version 5.6.0 beta2
Php Php	Version 5.6.0 beta3
Php Php	Version 5.6.0 beta4
Php Php	Version 5.6.10
Php Php	Version 5.6.11
Php Php	Version 5.6.12
Php Php	Version 5.6.13
Php Php	Version 5.6.14
Php Php	Version 5.6.15
Php Php	Version 5.6.16
Php Php	Version 5.6.17
Php Php	Version 5.6.18
Php Php	Version 5.6.19
Php Php	Version 5.6.1
Php Php	Version 5.6.20
Php Php	Version 5.6.21
Php Php	Version 5.6.2
Php Php	Version 5.6.3
Php Php	Version 5.6.4
Php Php	Version 5.6.5
Php Php	Version 5.6.6
Php Php	Version 5.6.7
Php Php	Version 5.6.8
Php Php	Version 5.6.9
Php Php	Version 7.0.0
Php Php	Version 7.0.1
Php Php	Version 7.0.2
Php Php	Version 7.0.3
Php Php	Version 7.0.4
Php Php	Version 7.0.5
Php Php	Version 7.0.6

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (24)

http://php.net/ChangeLog-5.php

Source: cve@mitre.org

Release Notes

http://php.net/ChangeLog-7.php

Source: cve@mitre.org

Release Notes

http://rhn.redhat.com/errata/RHSA-2016-2750.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3587

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3602

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/05/26/3

Source: cve@mitre.org

Release Notes

http://www.securityfocus.com/bid/90859

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-3030-1

Source: cve@mitre.org

https://bugs.php.net/bug.php?id=72227

Source: cve@mitre.org

Exploit

https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a

Source: cve@mitre.org

https://github.com/php/php-src/commit/7a1aac3343af85b4af4df5f8844946eaa27394ab?w=1

Source: cve@mitre.org

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: cve@mitre.org

http://php.net/ChangeLog-5.php

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

http://php.net/ChangeLog-7.php

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

http://rhn.redhat.com/errata/RHSA-2016-2750.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3587

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3602

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2016/05/26/3

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

http://www.securityfocus.com/bid/90859

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-3030-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.php.net/bug.php?id=72227

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/php/php-src/commit/7a1aac3343af85b4af4df5f8844946eaa27394ab?w=1

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.