CVE-2016-10166Integer Underflow (Wrap or Wraparound) in Libgd

CWE-191Integer Underflow (Wrap or Wraparound)CWE-190Integer Overflow or Wraparound13 documents10 sources
Severity
9.8CRITICALNVD
EPSS
8.3%
top 7.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libgd
Timeline
PublishedMar 15
Latest updateDec 8

Description

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDlibgd/libgd2.2.3

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-mxg6-5pv2-x2rf: Integer underflow in the _gdContributionsAlloc function in gd_interpolation2022-05-17
OSV
CVE-2016-10166: Integer underflow in the _gdContributionsAlloc function in gd_interpolation2017-03-15
CVEList
CVE-2016-10166: Integer underflow in the _gdContributionsAlloc function in gd_interpolation2017-03-15
OSV
libgd2 vulnerabilities2017-02-28

📋Vendor Advisories

3
Ubuntu
GD library vulnerabilities2017-02-28
Red Hat
gd: Unsigned integer underflow _gdContributionsAlloc()2016-08-06
Debian
CVE-2016-10166: libgd2 - Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in...2016

📄Research Papers

1
arXiv
VulnLLM-R: Specialized Reasoning LLM with Agent Scaffold for Vulnerability Detection2025-12-08

💬Community

4
HackerOne
efree() on uninitialized Heap data in imagescale leads to use-after-free2020-10-10
Bugzilla
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 php: various flaws [fedora-all]2017-02-03
Bugzilla
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 CVE-2016-9317 libwmf: various flaws [fedora-all]2017-02-03
Bugzilla
CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc()2017-02-03