PT-2016-3100 · Gd+5 · Gd Graphics Library+5

Published

2016-12-31

·

Updated

2024-06-15

·

CVE-2016-10167

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions GD Graphics Library versions prior to 2.2.4
Description The issue is caused by an integer overflow in the gd io.c component of the GD Graphics Library. This can be exploited by a remote attacker to potentially cause undefined impact by manipulating the number of horizontal and vertical elements in an image. The gdImageCreateFromGd2Ctx function in gd gd2.c is also affected, allowing remote attackers to cause a denial of service via a crafted image file.
Recommendations For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the gdImageCreateFromGd2Ctx function until a patch is applied. Avoid using the vulnerable component of the GD Graphics Library with untrusted image files until the issue is resolved.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2017-00762
CESA-2017_3221
CVE-2016-10167
DLA-804-1
DSA-3777-1
MGASA-2017-0055
MGASA-2017-0086
OPENSUSE-SU-2017_0588-1
OPENSUSE-SU-2024:10777-1
RHSA-2017:3221
RHSA-2017_3221
RHSA-2018:1296
SUSE-SU-2017:0459-1
SUSE-SU-2017:0468-1
SUSE-SU-2017:0534-1
SUSE-SU-2017:0556-1
SUSE-SU-2017:0568-1
SUSE-SU-2017_0459-1
USN-3213-1

Affected Products

Centos
Fortios
Gd Graphics Library
Red Hat
Suse
Ubuntu