CVE-2016-5766Integer Overflow or Wraparound in Libgd

CWE-190Integer Overflow or WraparoundCWE-122Heap-based Buffer Overflow10 documents8 sources
Severity
8.8HIGHNVD
EPSS
16.2%
top 5.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Debian LinuxFedoraproject FedoraFreebsd+3 more
Timeline
PublishedAug 7
Latest updateMay 14

Description

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDlibgd/libgd2.2.2

Also affects: Freebsd 10.0, 10.1, 10.2, 10.3, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, 9.2, 9.3, Debian Linux 8.0, Fedora 22, 23, 24, Enterprise Linux 5, 6.0, 7.0

Patches

Patch: github.comPatch: bugs.php.netPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-54vf-4pr8-g7c8: Integer overflow in the _gd2GetHeader function in gd_gd22022-05-14
CVEList
CVE-2016-5766: Integer overflow in the _gd2GetHeader function in gd_gd22016-08-07
OSV
CVE-2016-5766: Integer overflow in the _gd2GetHeader function in gd_gd22016-08-07
OSV
libgd2 vulnerabilities2016-07-11

📋Vendor Advisories

3
Ubuntu
GD library vulnerabilities2016-07-11
Red Hat
gd: Integer overflow in _gd2GetHeader() resulting in heap overflow2016-06-23
Debian
CVE-2016-5766: libgd2 - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Li...2016

💬Community

2
Bugzilla
CVE-2016-5766 gd: Integer overflow in _gd2GetHeader() resulting in heap overflow2016-06-29
Bugzilla
CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 php: various flaws [fedora-all]2016-06-29
CVE-2016-5766 — Integer Overflow or Wraparound in Libgd | cvebase