An integer overflow vulnerability was found in function gdImageWebpCtx of file gd_webp.c in libgd. It could lead to heap buffer overflow. Both PHP 7.0.10 and libgd 2.2.3 were affected.

PHP bug: https://bugs.php.net/bug.php?id=73003
PHP patch: https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
libgd bug: https://github.com/libgd/libgd/issues/308
libgd patch: https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03
CVE assignment: http://seclists.org/oss-sec/2016/q3/639
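The bug class described above, as an added example that is not code from libgd, PHP or this bug report: it assumes an encoder that sizes a 4-bytes-per-pixel pixel buffer from the image width and height (the page does not show the affected code), and contrasts the unchecked size with a checked computation. The names `unchecked_size32`, `checked_argb_size` and `BYTES_PER_PIXEL` are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL 4 /* assumption: one 32-bit ARGB pixel */

/* Value a 32-bit `width * 4 * height` ends up holding. Computed in 64 bits
 * and truncated, so the demonstration itself has no signed-overflow UB. */
static uint32_t unchecked_size32(int width, int height)
{
    uint64_t full = (uint64_t)width * BYTES_PER_PIXEL * (uint64_t)height;
    return (uint32_t)full;
}

/* Checked variant: returns 0 and stores the byte count in *out, or -1 when
 * a dimension is invalid or the product does not fit in an int. Each
 * multiplication is validated by division before it is performed. */
static int checked_argb_size(int width, int height, size_t *out)
{
    if (width <= 0 || height <= 0)
        return -1;
    if (width > INT_MAX / BYTES_PER_PIXEL)
        return -1;
    int row = width * BYTES_PER_PIXEL;   /* safe: checked above */
    if (height > INT_MAX / row)
        return -1;
    *out = (size_t)row * (size_t)height; /* safe: product <= INT_MAX */
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions, not taken from the bug report. */
    const int dims[][2] = { {640, 480}, {65536, 16384} };
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        size_t n = 0;
        int rc = checked_argb_size(dims[i][0], dims[i][1], &n);
        printf("%dx%d: unchecked=%u checked=%s\n", dims[i][0], dims[i][1],
               (unsigned)unchecked_size32(dims[i][0], dims[i][1]),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

For the second pair of dimensions the truncated size is 0, so an allocation of that size followed by a per-pixel write loop would run past the end of the heap buffer; the checked variant rejects the image before any allocation.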
Created gd tracking bugs for this issue: Affects: fedora-all [bug 1380453]
Created php tracking bugs for this issue: Affects: fedora-all [bug 1380452]
This vulnerability is only present if gd is built against libwebp. Fedora does so, but no Red Hat Enterprise Linux versions of gd do.