Vulnerability Description
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libgd | Libgd | <= 2.1.1 |
| Php | Php | <= 5.6.11 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://www.debian.org/security/2016/dsa-3587
- http://www.php.net/ChangeLog-5.php
- http://www.ubuntu.com/usn/USN-2987-1
- https://bugs.php.net/bug.php?id=70064Exploit
- https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24Patch
- https://github.com/libgd/libgd/issues/173Patch
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://www.debian.org/security/2016/dsa-3587
- http://www.php.net/ChangeLog-5.php
- http://www.ubuntu.com/usn/USN-2987-1
- https://bugs.php.net/bug.php?id=70064Exploit
- https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24Patch
- https://github.com/libgd/libgd/issues/173Patch
FAQ
What is CVE-2015-8877?
CVE-2015-8877 is a vulnerability with a CVSS score of 7.5 (HIGH). The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows r...
How severe is CVE-2015-8877?
CVE-2015-8877 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8877?
Check the references section above for vendor advisories and patch information. Affected products include: Libgd Libgd, Php Php.