PT-2016-5357 · Gd · Gd Graphics Library

Hans Jerry Illikainen · Published 2016-04-24 · Updated 2022-07-20 · CVE-2016-3074

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GD Graphics Library version 2.1.1

Description

An integer signedness error can be triggered by crafted compressed gd2 data, causing a heap-based buffer overflow that can potentially lead to a denial of service or arbitrary code execution.

Recommendations

Update GD Graphics Library version 2.1.1 to a version that fixes the integer signedness error to prevent potential exploitation.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2016-3074
DSA-3556-1
DSA-3602-1
MGASA-2016-0152
OPENSUSE-SU-2016_1274-1
OPENSUSE-SU-2016_1553-1
RHSA-2016:2750
USN-2987-1

Affected Products

Gd Graphics Library
Suse
Ubuntu