CVE-2016-10167
published 2017-03-15CVE-2016-10167: The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service…
PriorityP420medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
EPSS
3.74%
88.5th percentile
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.2.4-1 (bookworm) | libgd2 2.2.4-1 (bookworm) |
| libgd | libgd | <= 2.2.3 | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian5.5MEDIUM
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
GD library vulnerabilities
vendor_ubuntu·2017-02-28·CVSS 9.8
CVE-2016-10166 [CRITICAL] GD library vulnerabilities
Title: GD library vulnerabilities
Summary: The GD library could be made to crash or run programs if it processed a
specially crafted image file.
Stefan Esser discovered that the GD library incorrectly handled memory when
processing certain images. If a user or automated system were tricked into
processing a specially crafted image, an attacker could cause a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an attacker could cause a denial of service.
(CVE-2016-10167)
It was discovered that the GD library incorrectly hand
Red Hat
gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
vendor_redhat·2016-08-16·CVSS 5.5
CVE-2016-10167 [MEDIUM] gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service.
Package: gd (Red Hat Enterprise Linux 5) - Will not fix
Package: libwmf (Red Hat Enterprise Linux 5) - Will not fix
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: gd (Red Hat Enterprise Linux 6) - Will not fix
Package: libwmf (Red Hat Enterprise Linux 6) - Will not fix
Packag
Debian
CVE-2016-10167: libgd2 - The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka...
vendor_debian·2016·CVSS 5.5
CVE-2016-10167 [MEDIUM] CVE-2016-10167: libgd2 - The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka...
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Scope: local
bookworm: resolved (fixed in 2.2.4-1)
bullseye: resolved (fixed in 2.2.4-1)
forky: resolved (fixed in 2.2.4-1)
sid: resolved (fixed in 2.2.4-1)
trixie: resolved (fixed in 2.2.4-1)
GHSA
GHSA-v5rm-77g4-wp7f: The gdImageCreateFromGd2Ctx function in gd_gd2
ghsa_unreviewed·2022-05-14
CVE-2016-10167 [MEDIUM] CWE-20 GHSA-v5rm-77g4-wp7f: The gdImageCreateFromGd2Ctx function in gd_gd2
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
OSV
CVE-2016-10167: The gdImageCreateFromGd2Ctx function in gd_gd2
osv·2017-03-15·CVSS 5.5
CVE-2016-10167 [MEDIUM] CVE-2016-10167: The gdImageCreateFromGd2Ctx function in gd_gd2
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
OSV
libgd2 vulnerabilities
osv·2017-02-28·CVSS 9.8
CVE-2016-10166 [CRITICAL] libgd2 vulnerabilities
libgd2 vulnerabilities
Stefan Esser discovered that the GD library incorrectly handled memory when
processing certain images. If a user or automated system were tricked into
processing a specially crafted image, an attacker could cause a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an attacker could cause a denial of service.
(CVE-2016-10167)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an atta
No detection rules found.
No public exploits indexed.
Tenable
[R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities
blogs_tenable·2017-02-14
[R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bugzilla
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 php: various flaws [fedora-all]
bugzilla·2017-02-03·CVSS 9.8
CVE-2016-10166 [CRITICAL] CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 php: various flaws [fedora-all]
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 php: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
Bugzilla
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 CVE-2016-9317 libwmf: various flaws [fedora-all]
bugzilla·2017-02-03·CVSS 9.8
CVE-2016-10166 [CRITICAL] CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 CVE-2016-9317 libwmf: various flaws [fedora-all]
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 CVE-2016-9317 libwmf: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects m
Bugzilla
CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
bugzilla·2017-02-03·CVSS 5.5
CVE-2016-10167 [MEDIUM] CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
Possible DoS vulnerability in gdImageCreateFromGd2Ctx() was found.
Upstream patch:
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
PHP bug:
https://bugs.php.net/bug.php?id=73868
CVE assignment:
http://www.openwall.com/lists/oss-security/2017/01/28/6
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1418991]
---
Created libwmf tracking bugs for this issue:
Affects: fedora-all [bug 1418992]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:3221 https://access.redhat.com/errata/RHSA-2017:3221
---
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enter
http://libgd.github.io/release-2.2.4.htmlhttp://www.debian.org/security/2017/dsa-3777http://www.openwall.com/lists/oss-security/2017/01/26/1http://www.openwall.com/lists/oss-security/2017/01/28/6http://www.securityfocus.com/bid/95869http://www.securitytracker.com/id/1037659https://access.redhat.com/errata/RHSA-2017:3221https://access.redhat.com/errata/RHSA-2018:1296https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36fhttps://www.tenable.com/security/tns-2017-04http://libgd.github.io/release-2.2.4.htmlhttp://www.debian.org/security/2017/dsa-3777http://www.openwall.com/lists/oss-security/2017/01/26/1http://www.openwall.com/lists/oss-security/2017/01/28/6http://www.securityfocus.com/bid/95869http://www.securitytracker.com/id/1037659https://access.redhat.com/errata/RHSA-2017:3221https://access.redhat.com/errata/RHSA-2018:1296https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36fhttps://www.tenable.com/security/tns-2017-04
2017-03-15
Published