PT-2016-6675 · Libgd+6 · Gd Graphics Library+6

Gogil

·

Published

2016-06-24

·

Updated

2024-06-15

·

CVE-2016-5766

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions GD Graphics Library versions prior to 2.2.3 PHP versions prior to 5.5.37 PHP versions 5.6.x prior to 5.6.23 PHP versions 7.x prior to 7.0.8
Description The issue is related to an integer overflow in the gd2GetHeader function, which can be exploited by remote attackers using crafted chunk dimensions in an image. This can lead to a denial of service, causing a heap-based buffer overflow and application crash, or possibly have other unspecified impacts.
Recommendations For GD Graphics Library versions prior to 2.2.3, update to version 2.2.3 or later. For PHP versions prior to 5.5.37, update to version 5.5.37 or later. For PHP versions 5.6.x prior to 5.6.23, update to version 5.6.23 or later. For PHP versions 7.x prior to 7.0.8, update to version 7.0.8 or later.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CESA-2016_2598
CESA-2020_5443
CVE-2016-5766
DLA-534-1
DSA-3619-1
MGASA-2016-0242
OPENSUSE-SU-2016_1761-1
OPENSUSE-SU-2017_2337-1
OPENSUSE-SU-2024:10062-1
RHSA-2016:2598
RHSA-2016:2750
RHSA-2016_2598
RHSA-2020:5443
RHSA-2020_5443
SUSE-SU-2016:1842-1
SUSE-SU-2016:2013-1
SUSE-SU-2016:2080-1
SUSE-SU-2017:2303-1
SUSE-SU-2017:2317-1
SUSE-SU-2017:2522-1
USN-3030-1

Affected Products

Centos
Fortios
Gd Graphics Library
Php
Red Hat
Suse
Ubuntu