CVE-2016-6128

Name	CVE-2016-6128
Description	The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-3619-1
Debian Bugs	829062

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libgd2 (PTS)	jessie, jessie (lts)	2.1.0-5+deb8u15	fixed
	stretch (security)	2.2.4-2+deb9u4	fixed
	stretch (lts), stretch	2.2.4-2+deb9u6	fixed
	buster (security), buster, buster (lts)	2.2.5-5.2+deb10u1	fixed
	bullseye	2.3.0-2	fixed
	bookworm	2.3.3-9	fixed
	sid, trixie	2.3.3-12	fixed
php5 (PTS)	jessie, jessie (lts)	5.6.40+dfsg-0+deb8u21	fixed
php7.0 (PTS)	stretch (security)	7.0.33-0+deb9u12	fixed
	stretch (lts), stretch	7.0.33-0+deb9u19	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
libgd2	source	wheezy	(not affected)
libgd2	source	jessie	2.1.0-5+deb8u4		DSA-3619-1
libgd2	source	(unstable)	2.2.2-29-g3c2b605-1			829062
php5	source	wheezy	(not affected)
php5	source	jessie	5.6.26+dfsg-0+deb8u1
php5	source	(unstable)	5.6.26+dfsg-1	unimportant
php7.0	source	(unstable)	7.0.9-1	unimportant

Notes

[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
https://github.com/libgd/libgd/compare/3fe0a7128bac5000fdcfab888bd2a75ec0c9447d...fd623025505e87bba7ec8555eeb72dae4fb0afd
Crop support introduced in https://github.com/libgd/libgd/commit/f67452e1f82f1c2496e0859d638172bee74b43a0 (gd-2.1.0-alpha1)
[wheezy] - php5 <not-affected> (Vulnerable code not present)
PHP bug: https://bugs.php.net/bug.php?id=72494
Starting with 5.4.0-1 Debian uses the system copy of libgd