{"id":"CVE-2016-9933","details":"Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.","modified":"2026-04-11T03:57:09.219208Z","published":"2017-01-04T20:59:00.480Z","related":["SUSE-SU-2016:3211-1","SUSE-SU-2016:3251-1","SUSE-SU-2017:0017-1","SUSE-SU-2017:0038-1","SUSE-SU-2017:0109-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/94865"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html"},{"type":"ADVISORY","url":"http://www.php.net/ChangeLog-7.php"},{"type":"ADVISORY","url":"https://bugs.php.net/bug.php?id=72696"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/12/2"},{"type":"ADVISORY","url":"https://github.com/libgd/libgd/issues/215"},{"type":"ADVISORY","url":"https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1"},{"type":"ADVISORY","url":"http://www.php.net/ChangeLog-5.php"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1296"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3751"},{"type":"FIX","url":"https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libgd/libgd","events":[{"introduced":"0"},{"last_affected":"a49ebbf1ed370c8d9bf0c30f35050ba2040eee5b"},{"fixed":"77f619d48259383628c3ec4654b1ad578e9eb40e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.1"}]}},{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0"},{"fixed":"863d37ea66d5c960db08d6f4a2cbd2518f0f80d1"}]}],"versions":["GD_1_3_0","GD_1_4_0","GD_1_5_0","GD_1_6_0","GD_1_6_1","GD_1_6_2","GD_1_6_3","GD_1_7_0","GD_1_7_1","GD_1_7_2","GD_1_7_3","GD_1_8_0","GD_1_8_1","GD_1_8_3","GD_1_8_4","GD_2_0_0","GD_2_0_1","GD_2_0_10","GD_2_0_11","GD_2_0_12","GD_2_0_13","GD_2_0_14","GD_2_0_15","GD_2_0_17","GD_2_0_18","GD_2_0_19","GD_2_0_2","GD_2_0_20","GD_2_0_21","GD_2_0_22","GD_2_0_23","GD_2_0_24","GD_2_0_25","GD_2_0_26","GD_2_0_27","GD_2_0_28","GD_2_0_29","GD_2_0_3","GD_2_0_30","GD_2_0_31","GD_2_0_32","GD_2_0_33","GD_2_0_34RC1","GD_2_0_4","GD_2_0_5","GD_2_0_6","GD_2_0_7","GD_2_0_8","GD_2_0_9","gd-2.1.0","gd-2.1.0-alpha1","gd-2.1.0-rc1","gd-2.1.1","gd-2.2.0","gd-2.2.1"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"51851102624442393955613366683884704211","length":1578},"signature_version":"v1","source":"https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e","target":{"function":"gdImageFillToBorder","file":"src/gd.c"},"signature_type":"Function","id":"CVE-2016-9933-0ad2ad76","deprecated":false},{"digest":{"function_hash":"204555986885295926445620285353660811254","length":1700},"signature_version":"v1","source":"https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1","target":{"function":"gdImageFillToBorder","file":"ext/gd/libgd/gd.c"},"signature_type":"Function","id":"CVE-2016-9933-3344d009","deprecated":false},{"digest":{"line_hashes":["212289127705669442614260577537722716247","213634916113294883352746733094991011668","187076187851435916055087938545543830861","169292344746694247268202568092638681361"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1","target":{"file":"ext/gd/libgd/gd.c"},"signature_type":"Line","id":"CVE-2016-9933-95ab2d49","deprecated":false},{"digest":{"line_hashes":["57749089167143626458798823933147928600","121404800837027207503918118032884996150","214785165878694708727711374079984772155","177786475786199882260886250082204468426","192487108250425406850418729855460599379","120103679383625323170182334970288533301"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e","target":{"file":"src/gd.c"},"signature_type":"Line","id":"CVE-2016-9933-d8ddcde0","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9933.json","vanir_signatures_modified":"2026-04-11T03:57:09Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}