CVE-2016-10166
Published 2017-03-15
Priority: P347 | critical | 9.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 10.69% (95.3th percentile)
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.2.4-1 (bookworm) | libgd2 2.2.4-1 (bookworm) |
| libgd | libgd | <= 2.2.3 | — |
CVSS provenance
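| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | - | 9.8 | CRITICAL | - |
| vendor_debian | - | 9.8 | CRITICAL | - |
| vendor_redhat | - | 9.8 | CRITICAL | - |
| vendor_ubuntu | - | 9.8 | CRITICAL | - |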
GHSA
GHSA-mxg6-5pv2-x2rf: Integer underflow in the _gdContributionsAlloc function in gd_interpolation
ghsa_unreviewed·2022-05-17
CVE-2016-10166 [CRITICAL] CWE-191
OSV
CVE-2016-10166: Integer underflow in the _gdContributionsAlloc function in gd_interpolation
osv·2017-03-15·CVSS 9.8
OSV
libgd2 vulnerabilities
osv·2017-02-28·CVSS 9.8
Stefan Esser discovered that the GD library incorrectly handled memory when
processing certain images. If a user or automated system were tricked into
processing a specially crafted image, an attacker could cause a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an attacker could cause a denial of service.
(CVE-2016-10167)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an atta
Ubuntu
GD library vulnerabilities
vendor_ubuntu·2017-02-28·CVSS 9.8
Summary: The GD library could be made to crash or run programs if it processed a
specially crafted image file.
Red Hat
gd: Unsigned integer underflow _gdContributionsAlloc()
vendor_redhat·2016-08-06·CVSS 9.8
CVE-2016-10166 [CRITICAL] CWE-190
Package: gd (Red Hat Enterprise Linux 5) - Not affected
Package: libwmf (Red Hat Enterprise Linux 5) - Not affected
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Enterprise Linux 5) - Not affected
Package: gd (Red Hat Enterprise Linux 6) - Not affected
Package: libwmf (Red Hat Enterprise Linux 6) - Not affected
Package: php (Red Hat Enterprise Linux 6) - Not affected
Package: gd (Red Hat Enterprise Linux 7) - Not affected
Package: libwmf (Red Hat Enterprise Linux
Debian
CVE-2016-10166: libgd2 - Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in...
vendor_debian·2016·CVSS 9.8
Scope: local
bookworm: resolved (fixed in 2.2.4-1)
bullseye: resolved (fixed in 2.2.4-1)
forky: resolved (fixed in 2.2.4-1)
sid: resolved (fixed in 2.2.4-1)
trixie: resolved (fixed in 2.2.4-1)
No detection rules found.
No public exploits indexed.
HackerOne
efree() on uninitialized Heap data in imagescale leads to use-after-free
hackerone·2020-10-10·CVSS 9.8
The core bug: https://bugs.php.net/bug.php?id=77269
This bugfix actually involves two vulnerabilities: a call to efree on uninitialized data and another free() based vulnerability. What is described below is a bug that was fixed in libgd two years ago (CVE-2016-10166), but the patch was never applied to PHP's libgd. Furthermore, the patch for that CVE introduced a use after free vulnerability, also in PHP's `imagescale()` function. This can be seen in the comment history of the PHP bug.
----
The bug occurs in ext/gd/libgd/gd_interpolation.c in the function _gdContributionsAlloc(int line_size, int windows_size). The function will attempt to allocate helper structs and receives two parameters: the line size and the wi
Bugzilla
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 php: various flaws [fedora-all]
bugzilla·2017-02-03·CVSS 9.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
Bugzilla
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 CVE-2016-9317 libwmf: various flaws [fedora-all]
bugzilla·2017-02-03·CVSS 9.8
Bugzilla
CVE-2016-10166 gd: Unsigned integer underflow _gdContributionsAlloc()
bugzilla·2017-02-03·CVSS 9.8
An unsigned integer overflow vulnerability was found in _gdContributionsAlloc function.
Upstream patch:
https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
CVE assignment:
http://www.openwall.com/lists/oss-security/2017/01/28/6
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1418991]
---
Created libwmf tracking bugs for this issue:
Affects: fedora-all [bug 1418992]
---
Analysis:
The code affects the _gdContributionsAlloc() function, which first appeared in gd-2.2.5. Red Hat Enterprise Linux 5, 6 and 7 do not ship with this gd version (or higher) either in an independent package or embedded with PHP, hence they are not affected.
---
(In reply to H
arXiv
VulnLLM-R: Specialized Reasoning LLM with Agent Scaffold for Vulnerability Detection
arxiv_fulltext·2025-12-08
Authors: Yuzhou Nie (ucsb), Hongwei Li (ucsb), Chengquan Guo (uchicago), Ruizhe Jiang (ucsb), Zhun Wang (ucb), Bo Li (uiuc), Dawn Song (ucb), Wenbo Guo (ucsb)
ucsb: Department of Computer Science, University of California, Santa Barbara, CA, USA
uchicago: Department of Computer Science, University of Chicago, Chicago, IL, USA
ucb: Department of Electrical Engineering and Computer Sciences, University of California, Berkeley, CA, USA
uiuc: Department of Computer Science, University of Illinois Urbana-Champaign, Champaign, IL, USA
Keywords: Machine Learning, ICML
## Abstract
We propose VulnLLM-R, the first specialized reasoning LLM for vulnerability detection.
Ou
http://libgd.github.io/release-2.2.4.html
http://www.debian.org/security/2017/dsa-3777
http://www.openwall.com/lists/oss-security/2017/01/26/1
http://www.openwall.com/lists/oss-security/2017/01/28/6
http://www.securityfocus.com/bid/95869
https://access.redhat.com/errata/RHSA-2019:2519
https://access.redhat.com/errata/RHSA-2019:3299
https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35