PT-2016-3100 · Gd+5 · Gd Graphics Library+5

Publicado

2016-12-31

·

Atualizado

2024-06-15

·

CVE-2016-10167

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GD Graphics Library versions prior to 2.2.4
Description The issue is caused by an integer overflow in the gd io.c component of the GD Graphics Library. This can be exploited by a remote attacker to potentially cause undefined impact by manipulating the number of horizontal and vertical elements in an image. The gdImageCreateFromGd2Ctx function in gd gd2.c is also affected, allowing remote attackers to cause a denial of service via a crafted image file.
Recommendations For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the gdImageCreateFromGd2Ctx function until a patch is applied. Avoid using the vulnerable component of the GD Graphics Library with untrusted image files until the issue is resolved.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2017-00762
CESA-2017_3221
CVE-2016-10167
DLA-804-1
DSA-3777-1
MGASA-2017-0055
MGASA-2017-0086
OPENSUSE-SU-2017_0588-1
OPENSUSE-SU-2024:10777-1
RHSA-2017:3221
RHSA-2017_3221
RHSA-2018:1296
SUSE-SU-2017:0459-1
SUSE-SU-2017:0468-1
SUSE-SU-2017:0534-1
SUSE-SU-2017:0556-1
SUSE-SU-2017:0568-1
SUSE-SU-2017_0459-1
USN-3213-1

Produtos afetados

Centos
Fortios
Gd Graphics Library
Red Hat
Suse
Ubuntu