CVE-2016-6161 — Out-of-bounds Read in Libgd

CWE-125 — Out-of-bounds Read CWE-20 — Improper Input Validation10 documents7 sources

Severity

6.5MEDIUMNVD

OSV7.6

EPSS

0.9%

top 24.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libgd2 Libgd Debian Linux +1 more

Timeline

PublishedAug 12

Latest updateMay 14

Description

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/libgd2< libgd2 2.2.1-1 (bookworm)

▶NVDlibgd/libgd2.2.2

▶NVDopensuse/leap42.1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-gq8p-8q2h-mv7w: The output function in gd_gif_out↗2022-05-14

▶

OSV

CVE-2016-6161: The output function in gd_gif_out↗2016-08-12

▶

OSV

libgd2 vulnerabilities↗2016-07-11

▶

📋Vendor Advisories

Ubuntu

GD library vulnerabilities↗2016-07-11

▶

Red Hat

gd: Global out-of-bounds read when encoding gif from malformed gd2 input↗2016-05-08

▶

Debian

CVE-2016-6161: libgd2 - The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allow...↗2016

▶

💬Community

Bugzilla

CVE-2016-6161 php: gd: Global out-of-bounds read when encoding gif from malformed gd2 input [fedora-all]↗2016-07-12

▶

Bugzilla

CVE-2016-6161 gd: Global out-of-bounds read when encoding gif from malformed gd2 input↗2016-07-07

▶

Bugzilla

CVE-2016-6161 gd: Gloabal out-of-bounds read when enconding gif from malformed input with gd2togif [fedora-23]↗2016-07-07

▶