CVE-2016-7568 Integer Overflow in gdImageWebpCtx #308
An integer overflow issue was found in function
This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB.
The bad code lies in function
There is no overflow check before calling the
This issue was reported to PHP originally. So currently the proof-of-concept file is only available for PHP. But I think it's not hard to write a PoC for libgd.
Also, the exception log was generated by PHP.
It's very easy to write a patch for this issue. Just call function
2016/09/02 - Report to PHP as BUG 73003
Hello, CVE-2016-7568 has been assigned to this issue. Thanks.
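The class of bug reported in this issue, a size computed in `int` arithmetic and passed to an allocator without an overflow check, is shown below next to the checked form. This is an added example, not code from libgd, PHP or the report. The helper names (`mul_overflows`, `rgba_size_unchecked`, `rgba_size_checked`, `alloc_rgba`) and the width × 4 × height RGBA buffer size are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not libgd's API): 1 if a * b is unsafe as an int. */
static int mul_overflows(int a, int b)
{
    if (a <= 0 || b <= 0)
        return 1;                 /* reject non-positive dimensions */
    return a > INT_MAX / b;       /* division cannot overflow */
}

/* Unchecked pattern. Unsigned math makes the wrap well-defined for the demo;
 * with 32-bit unsigned int the product is reduced modulo 2^32. */
static size_t rgba_size_unchecked(int width, int height)
{
    return (size_t)((unsigned int)width * 4u * (unsigned int)height);
}

/* Checked pattern: test every multiplication before doing it, fail closed.
 * Returns 0 and stores the size in *out, or -1 if the size overflows. */
static int rgba_size_checked(int width, int height, size_t *out)
{
    if (mul_overflows(width, 4) || mul_overflows(width * 4, height))
        return -1;
    *out = (size_t)(width * 4) * (size_t)height;
    return 0;
}

/* Allocation wrapper: returns NULL instead of an undersized buffer. */
static unsigned char *alloc_rgba(int width, int height)
{
    size_t n;
    if (rgba_size_checked(width, height, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    int w = 65536, h = 16384;     /* constructed dimensions: w * 4 * h == 2^32 */
    size_t n = 0;
    printf("unchecked size: %zu\n", rgba_size_unchecked(w, h));
    printf("checked result: %d\n", rgba_size_checked(w, h, &n));
    return 0;
}
```

With the constructed dimensions the unchecked size wraps to a value far smaller than the image needs, while the checked path refuses the allocation.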