CVE-2016-10168 — Integer Overflow or Wraparound in Libgd

CWE-190 — Integer Overflow or Wraparound11 documents8 sources

Severity

7.8HIGHNVD

OSV9.8

EPSS

0.7%

top 29.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libgd

Timeline

PublishedMar 15

Latest updateMay 14

Description

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDlibgd/libgd2.2.3

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9fjh-m5gr-mrv2: Integer overflow in gd_io↗2022-05-14

▶

OSV

CVE-2016-10168: Integer overflow in gd_io↗2017-03-15

▶

CVEList

CVE-2016-10168: Integer overflow in gd_io↗2017-03-15

▶

OSV

libgd2 vulnerabilities↗2017-02-28

▶

📋Vendor Advisories

Ubuntu

GD library vulnerabilities↗2017-02-28

▶

Red Hat

gd: Integer overflow in gd_io.c↗2016-12-17

▶

Debian

CVE-2016-10168: libgd2 - Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 ...↗2016

▶

💬Community

Bugzilla

CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 php: various flaws [fedora-all]↗2017-02-03

▶

Bugzilla

CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 CVE-2016-9317 libwmf: various flaws [fedora-all]↗2017-02-03

▶

Bugzilla

CVE-2016-10168 gd: Integer overflow in gd_io.c↗2017-02-03

▶