CVE-2016-10167 — Improper Input Validation in Libgd

CWE-20 — Improper Input Validation12 documents9 sources

Severity

5.5MEDIUMNVD

OSV9.8

EPSS

1.0%

top 23.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libgd

Timeline

PublishedMar 15

Latest updateMay 14

Description

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDlibgd/libgd2.2.3

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v5rm-77g4-wp7f: The gdImageCreateFromGd2Ctx function in gd_gd2↗2022-05-14

▶

CVEList

CVE-2016-10167: The gdImageCreateFromGd2Ctx function in gd_gd2↗2017-03-15

▶

OSV

CVE-2016-10167: The gdImageCreateFromGd2Ctx function in gd_gd2↗2017-03-15

▶

OSV

libgd2 vulnerabilities↗2017-02-28

▶

📋Vendor Advisories

Ubuntu

GD library vulnerabilities↗2017-02-28

▶

Red Hat

gd: DoS vulnerability in gdImageCreateFromGd2Ctx()↗2016-08-16

▶

Debian

CVE-2016-10167: libgd2 - The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka...↗2016

▶

🕵️Threat Intelligence

Tenable

[R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities↗2017-02-14

▶

💬Community

Bugzilla

CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 php: various flaws [fedora-all]↗2017-02-03

▶

Bugzilla

CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 CVE-2016-9317 libwmf: various flaws [fedora-all]↗2017-02-03

▶

Bugzilla

CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()↗2017-02-03

▶