PT-2016-6675 · Libgd+6 · Gd Graphics Library+6

Gogil

Publicado

2016-06-24

Atualizado

2024-06-15

CVE-2016-5766

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GD Graphics Library versions prior to 2.2.3 PHP versions prior to 5.5.37 PHP versions 5.6.x prior to 5.6.23 PHP versions 7.x prior to 7.0.8

Description The issue is related to an integer overflow in the gd2GetHeader function, which can be exploited by remote attackers using crafted chunk dimensions in an image. This can lead to a denial of service, causing a heap-based buffer overflow and application crash, or possibly have other unspecified impacts.

Recommendations For GD Graphics Library versions prior to 2.2.3, update to version 2.2.3 or later. For PHP versions prior to 5.5.37, update to version 5.5.37 or later. For PHP versions 5.6.x prior to 5.6.23, update to version 5.6.23 or later. For PHP versions 7.x prior to 7.0.8, update to version 7.0.8 or later.

Exploit

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

CESA-2016_2598

CESA-2020_5443

CVE-2016-5766

DLA-534-1

DSA-3619-1

MGASA-2016-0242

OPENSUSE-SU-2016_1761-1

OPENSUSE-SU-2017_2337-1

OPENSUSE-SU-2024:10062-1

RHSA-2016:2598

RHSA-2016:2750

RHSA-2016_2598

RHSA-2020:5443

RHSA-2020_5443

SUSE-SU-2016:1842-1

SUSE-SU-2016:2013-1

SUSE-SU-2016:2080-1

SUSE-SU-2017:2303-1

SUSE-SU-2017:2317-1

SUSE-SU-2017:2522-1

USN-3030-1

Produtos afetados

Centos

Fortios

Gd Graphics Library

Php

Red Hat

Suse

Ubuntu

PT-2016-6675 · Libgd+6 · Gd Graphics Library+6

CVE-2016-5766

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 193