CVE-2016-6207 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libgd

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write10 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

8.7%

top 7.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Debian Libgd2 Libgd +2 more

Timeline

PublishedAug 12

Latest updateDec 8

Description

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/libgd2< libgd2 2.2.2-43-g22cba39-1 (bookworm)

▶NVDlibgd/libgd2.2.2

▶NVDphp/php5.5.0 — 5.5.38+2

▶NVDopensuse/leap42.1

Also affects: Debian Linux 8.0

Patches

Patch: www.securitytracker.com ↗Patch: www.securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-jx7w-46ch-jmcq: Integer overflow in the _gdContributionsAlloc function in gd_interpolation↗2022-05-14

▶

OSV

CVE-2016-6207: Integer overflow in the _gdContributionsAlloc function in gd_interpolation↗2016-08-12

▶

OSV

libgd2 vulnerabilities↗2016-08-10

▶

📋Vendor Advisories

Ubuntu

GD library vulnerabilities↗2016-08-10

▶

Red Hat

php,gd: Integer overflow error within _gdContributionsAlloc()↗2016-07-07

▶

Debian

CVE-2016-6207: libgd2 - Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in ...↗2016

▶

📄Research Papers

arXiv

VulnLLM-R: Specialized Reasoning LLM with Agent Scaffold for Vulnerability Detection↗2025-12-08

▶

💬Community

Bugzilla

CVE-2016-6207 php,gd: Integer overflow error within _gdContributionsAlloc()↗2016-07-25

▶

Bugzilla

gd: various flaws [fedora-all]↗2016-07-25

▶