CVE-2016-5767 — Integer Overflow or Wraparound in Libgd

CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow7 documents6 sources

Severity

8.8HIGHNVD

EPSS

4.6%

top 10.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libgd2 Libgd

Timeline

PublishedAug 7

Latest updateMay 14

Description

Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/libgd2< libgd2 2.0.34~rc1-1 (bookworm)

▶NVDlibgd/libgd2.0.33

🔴Vulnerability Details

GHSA

GHSA-8h88-m6m2-5756: Integer overflow in the gdImageCreate function in gd↗2022-05-14

▶

OSV

CVE-2016-5767: Integer overflow in the gdImageCreate function in gd↗2016-08-07

▶

📋Vendor Advisories

Red Hat

gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow↗2016-06-23

▶

Debian

CVE-2016-5767: libgd2 - Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Librar...↗2016

▶

💬Community

Bugzilla

CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 php: various flaws [fedora-all]↗2016-06-29

▶

Bugzilla

CVE-2016-5767 gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow↗2016-06-29

▶