|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #73869 Signed Integer Overflow gd_io.c
Submitted: 2017-01-05 10:33 UTC Modified: 2017-01-28 23:05 UTC
From: Assigned: cmb (profile)
Status: Closed Package: GD related
PHP Version: 5.6.29 OS:
Private report: No CVE-ID: 2016-10168
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
12 - 11 = ?
Subscribe to this entry?

 [2017-01-05 10:33 UTC]
This is a security sync with GD-2.2


GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
byte unsigned). These values are multiplied and assigned to an int when
reading the image, what can cause integer overflows. We have to avoid
that, and also make sure that either chunk count is actually greater
than zero. If illegal chunk counts are detected, we bail out from
reading the image.


fix-73869 (last revision 2017-01-05 17:00 UTC by
0004-Fix-354-Signed-Integer-Overflow-gd_io.c.patch (last revision 2017-01-05 10:33 UTC by ondrej)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-05 17:00 UTC]
The following patch has been added/updated:

Patch Name: fix-73869
Revision:   1483635640
 [2017-01-05 17:01 UTC]
fix-73869 adds a respective PHPT, and should be applied against
 [2017-01-05 19:27 UTC]
-Assigned To: +Assigned To: cmb
 [2017-01-05 23:08 UTC]
-PHP Version: 7.1.0 +PHP Version: 5.6.29
 [2017-01-16 17:08 UTC]
Patch is merged into security repo as 5b5d9db3988b829e0b121b74bb3947f01c2796a1.

 [2017-01-21 16:56 UTC]
-Status: Assigned +Status: Closed
 [2017-01-21 16:56 UTC]
The fix has been released with PHP 5.6.30, 7.0.15 and 7.1.1, so
I'm (dis)closing.
 [2017-01-28 23:05 UTC]
-CVE-ID: +CVE-ID: 2016-10168
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Oct 04 17:01:26 2023 UTC