[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-9933":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":70,"downstream":71,"duplicates":96,"related":97,"reserved_at":9,"published_at":103,"modified_at":104,"state":105,"summary":106,"references_raw":115,"kevs":189,"epss":190,"epss_history":193,"metrics":446,"affected":456},"CVE-2016-9933","Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[],[],[72,74,76,78,80,82,84,86,88,90,92,94],{"_key":73},"SUSE-SU-2017:0017-1",{"_key":75},"SUSE-SU-2016:3211-1",{"_key":77},"SUSE-SU-2016:3251-1",{"_key":79},"SUSE-SU-2017:0038-1",{"_key":81},"SUSE-SU-2017:0109-1",{"_key":83},"DLA-758-1",{"_key":85},"DSA-3732-1",{"_key":87},"DSA-3751-1",{"_key":89},"UBUNTU-CVE-2016-9933",{"_key":91},"USN-3213-1",{"_key":93},"DEBIAN-CVE-2016-9933",{"_key":95},"RHSA-2018:1296",[],[98,99,100,101,102],{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},"2017-01-04T20:00:00.000Z","2024-08-06T03:07:31.422Z","Modified",{"cisa_kev":107,"cisa_ransomware":107,"cisa_vendor":9,"epss_severity":108,"epss_score":109,"severity":110,"severity_score":111,"severity_version":112,"severity_source":113,"severity_vector":114,"severity_status":105},false,"low",0.08286,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[116,124,130,134,140,144,148,153,159,164,168,172,176,180,184],{"url":117,"sources":118,"tags":120},"http://www.openwall.com/lists/oss-security/2016/12/12/2",[119,113],"cve.org",[121,122,123],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":125,"sources":126,"tags":127},"http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html",[119,113],[128,129],"Vendor Advisory","X Refsource SUSE",{"url":131,"sources":132,"tags":133},"http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html",[119,113],[128,129],{"url":135,"sources":136,"tags":137},"http://www.php.net/ChangeLog-7.php",[119,113],[138,139,128],"X Refsource CONFIRM","Release Notes",{"url":141,"sources":142,"tags":143},"http://lists.opensuse.org/opensuse-updates/2017-01/msg00002.html",[119,113],[128,129],{"url":145,"sources":146,"tags":147},"https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1",[119,113],[138,128],{"url":149,"sources":150,"tags":151},"http://www.debian.org/security/2017/dsa-3751",[119,113],[128,152],"X Refsource DEBIAN",{"url":154,"sources":155,"tags":156},"http://www.securityfocus.com/bid/94865",[119,113],[157,158],"VDB Entry","X Refsource BID",{"url":160,"sources":161,"tags":162},"https://access.redhat.com/errata/RHSA-2018:1296",[119,113],[128,163],"X Refsource REDHAT",{"url":165,"sources":166,"tags":167},"http://www.php.net/ChangeLog-5.php",[119,113],[138,139,128],{"url":169,"sources":170,"tags":171},"https://bugs.php.net/bug.php?id=72696",[119,113],[138,128],{"url":173,"sources":174,"tags":175},"http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html",[119,113],[128,129],{"url":177,"sources":178,"tags":179},"http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html",[119,113],[128,129],{"url":181,"sources":182,"tags":183},"https://github.com/libgd/libgd/issues/215",[119,113],[138,128],{"url":185,"sources":186,"tags":187},"https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e",[119,113],[138,188,128],"Patch",[],{"date":191,"score":109,"percentile":192},"2026-06-04",0.92391,[194,198,201,204,207,210,213,215,218,221,224,227,230,232,235,238,241,244,247,250,253,256,259,262,264,267,270,272,275,278,281,284,287,289,291,294,297,300,303,306,309,312,314,317,320,323,325,327,329,332,335,338,341,344,348,351,354,357,360,363,366,369,371,374,376,378,381,384,387,389,391,393,396,398,401,404,407,410,413,416,419,422,425,428,431,433,436,439,441,443],{"date":195,"score":196,"percentile":197},"2025-11-04",0.11102,0.93127,{"date":199,"score":196,"percentile":200},"2025-11-05",0.93128,{"date":202,"score":196,"percentile":203},"2025-11-06",0.93129,{"date":205,"score":196,"percentile":206},"2025-11-07",0.93135,{"date":208,"score":196,"percentile":209},"2025-11-08",0.93134,{"date":211,"score":196,"percentile":212},"2025-11-09",0.93132,{"date":214,"score":196,"percentile":212},"2025-11-10",{"date":216,"score":196,"percentile":217},"2025-11-11",0.93137,{"date":219,"score":196,"percentile":220},"2025-11-12",0.93143,{"date":222,"score":196,"percentile":223},"2025-11-13",0.93146,{"date":225,"score":196,"percentile":226},"2025-11-14",0.93148,{"date":228,"score":196,"percentile":229},"2025-11-15",0.93141,{"date":231,"score":196,"percentile":223},"2025-11-16",{"date":233,"score":196,"percentile":234},"2025-11-17",0.93145,{"date":236,"score":196,"percentile":237},"2025-11-18",0.92738,{"date":239,"score":196,"percentile":240},"2025-11-19",0.92741,{"date":242,"score":196,"percentile":243},"2025-11-20",0.92745,{"date":245,"score":196,"percentile":246},"2025-11-21",0.93161,{"date":248,"score":196,"percentile":249},"2025-11-22",0.93159,{"date":251,"score":196,"percentile":252},"2025-11-23",0.93163,{"date":254,"score":196,"percentile":255},"2025-11-24",0.93165,{"date":257,"score":196,"percentile":258},"2025-11-25",0.93166,{"date":260,"score":196,"percentile":261},"2025-11-26",0.93164,{"date":263,"score":196,"percentile":255},"2025-11-27",{"date":265,"score":196,"percentile":266},"2025-11-28",0.93158,{"date":268,"score":196,"percentile":269},"2025-11-29",0.93167,{"date":271,"score":196,"percentile":269},"2025-11-30",{"date":273,"score":196,"percentile":274},"2025-12-01",0.93212,{"date":276,"score":196,"percentile":277},"2025-12-02",0.93217,{"date":279,"score":196,"percentile":280},"2025-12-03",0.93219,{"date":282,"score":196,"percentile":283},"2025-12-04",0.93173,{"date":285,"score":196,"percentile":286},"2025-12-05",0.93177,{"date":288,"score":196,"percentile":286},"2025-12-06",{"date":290,"score":196,"percentile":286},"2025-12-07",{"date":292,"score":196,"percentile":293},"2025-12-08",0.93181,{"date":295,"score":196,"percentile":296},"2025-12-09",0.93184,{"date":298,"score":196,"percentile":299},"2025-12-10",0.93188,{"date":301,"score":196,"percentile":302},"2025-12-11",0.93193,{"date":304,"score":196,"percentile":305},"2025-12-12",0.93197,{"date":307,"score":196,"percentile":308},"2025-12-13",0.93203,{"date":310,"score":196,"percentile":311},"2025-12-14",0.93199,{"date":313,"score":196,"percentile":308},"2025-12-15",{"date":315,"score":196,"percentile":316},"2025-12-16",0.932,{"date":318,"score":196,"percentile":319},"2025-12-17",0.93207,{"date":321,"score":196,"percentile":322},"2025-12-18",0.9321,{"date":324,"score":196,"percentile":322},"2025-12-19",{"date":326,"score":196,"percentile":319},"2025-12-20",{"date":328,"score":196,"percentile":322},"2025-12-21",{"date":330,"score":196,"percentile":331},"2025-12-22",0.93218,{"date":333,"score":196,"percentile":334},"2025-12-23",0.93209,{"date":336,"score":196,"percentile":337},"2025-12-24",0.93214,{"date":339,"score":196,"percentile":340},"2025-12-25",0.93229,{"date":342,"score":196,"percentile":343},"2025-12-26",0.93227,{"date":345,"score":346,"percentile":347},"2025-12-27",0.05329,0.89772,{"date":349,"score":196,"percentile":350},"2025-12-28",0.93224,{"date":352,"score":196,"percentile":353},"2025-12-29",0.93222,{"date":355,"score":196,"percentile":356},"2025-12-30",0.93223,{"date":358,"score":196,"percentile":359},"2025-12-31",0.93228,{"date":361,"score":196,"percentile":362},"2026-01-01",0.93265,{"date":364,"score":196,"percentile":365},"2026-01-02",0.9326,{"date":367,"score":196,"percentile":368},"2026-01-03",0.93259,{"date":370,"score":196,"percentile":280},"2026-01-04",{"date":372,"score":196,"percentile":373},"2026-01-05",0.93215,{"date":375,"score":196,"percentile":277},"2026-01-06",{"date":377,"score":196,"percentile":277},"2026-01-07",{"date":379,"score":196,"percentile":380},"2026-01-08",0.9322,{"date":382,"score":196,"percentile":383},"2026-01-09",0.93225,{"date":385,"score":196,"percentile":386},"2026-01-10",0.93226,{"date":388,"score":196,"percentile":383},"2026-01-11",{"date":390,"score":196,"percentile":350},"2026-01-12",{"date":392,"score":196,"percentile":356},"2026-01-13",{"date":394,"score":196,"percentile":395},"2026-01-14",0.93232,{"date":397,"score":196,"percentile":395},"2026-01-15",{"date":399,"score":196,"percentile":400},"2026-01-16",0.93236,{"date":402,"score":196,"percentile":403},"2026-01-17",0.93239,{"date":405,"score":196,"percentile":406},"2026-01-18",0.93233,{"date":408,"score":196,"percentile":409},"2026-01-19",0.93234,{"date":411,"score":196,"percentile":412},"2026-01-20",0.93235,{"date":414,"score":196,"percentile":415},"2026-01-21",0.9324,{"date":417,"score":196,"percentile":418},"2026-01-22",0.93243,{"date":420,"score":196,"percentile":421},"2026-01-23",0.93248,{"date":423,"score":196,"percentile":424},"2026-01-24",0.93252,{"date":426,"score":196,"percentile":427},"2026-01-25",0.93255,{"date":429,"score":196,"percentile":430},"2026-01-26",0.93256,{"date":432,"score":196,"percentile":368},"2026-01-27",{"date":434,"score":196,"percentile":435},"2026-01-28",0.93263,{"date":437,"score":196,"percentile":438},"2026-01-29",0.93264,{"date":440,"score":196,"percentile":435},"2026-01-30",{"date":442,"score":196,"percentile":438},"2026-01-31",{"date":444,"score":196,"percentile":445},"2026-02-01",0.933,[447],{"source":113,"cvss_v2_0":448,"cvss_v3_0":453,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":449,"baseSeverity":9,"vectorString":450,"impactScore":451,"exploitabilityScore":452},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":111,"baseSeverity":454,"vectorString":114,"impactScore":455,"exploitabilityScore":452},"HIGH",6,[457],{"ecosystem":9,"name":458,"vendor":458,"product":458,"cpe_part":459,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"libgd","a",[461],{"version":462,"is_range":107,"range_type":463,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.2.1","cpe"]