CVE-2016-6911
published 2017-01-26CVE-2016-6911: The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a…
PriorityP421medium5.5CVSS 3.0
AVLACLPRNUIRSUCNINAH
EPSS
1.76%
75.3th percentile
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.2.3-87-gd0fec80-2 (bookworm) | libgd2 2.2.3-87-gd0fec80-2 (bookworm) |
| libgd | libgd | <= 2.2.3 | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv5.5MEDIUM
vendor_debian5.5MEDIUM
vendor_redhat5.5MEDIUM
vendor_ubuntu5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
GD Graphics Library up to 2.2.3 TIFF Image dynamicGetbuf out-of-bounds (Nessus ID 900040 / ID 276304)
vuldb·2026-05-14·CVSS 5.5
CVE-2016-6911 [MEDIUM] GD Graphics Library up to 2.2.3 TIFF Image dynamicGetbuf out-of-bounds (Nessus ID 900040 / ID 276304)
A vulnerability classified as problematic has been found in GD Graphics Library up to 2.2.3. The affected element is the function dynamicGetbuf of the component TIFF Image Handler. This manipulation causes out-of-bounds read.
This vulnerability is registered as CVE-2016-6911. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
GHSA
GHSA-v5f2-456f-72fv: The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2
ghsa_unreviewed·2022-05-17
CVE-2016-6911 [MEDIUM] CWE-125 GHSA-v5f2-456f-72fv: The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
OSV
CVE-2016-6911: The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2
osv·2017-01-26·CVSS 5.5
CVE-2016-6911 [MEDIUM] CVE-2016-6911: The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
OSV
libgd2 vulnerabilities
osv·2016-11-01·CVSS 5.5
CVE-2016-6911 [MEDIUM] libgd2 vulnerabilities
libgd2 vulnerabilities
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain
malformed Tiff images. If a user or automated system were tricked into
processing a specially crafted Tiff image, an attacker could cause a denial
of service. (CVE-2016-6911)
Ke Liu discovered that the GD library incorrectly handled certain integers
when processing WebP images. If a user or automated system were tricked
into processing a specially crafted WebP image, an attacker could cause a
denial of service, or possibly execute arbitrary code. This issue only
applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-7568)
Emmanuel Law discovered that the GD library incorrectly handled certain
strings when creating images. If a user or automated system were tricked
into p
Ubuntu
GD library vulnerabilities
vendor_ubuntu·2016-11-01·CVSS 5.5
CVE-2016-6911 [MEDIUM] GD library vulnerabilities
Title: GD library vulnerabilities
Summary: The GD library could be made to crash or run programs if it processed a
specially crafted image file.
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain
malformed Tiff images. If a user or automated system were tricked into
processing a specially crafted Tiff image, an attacker could cause a denial
of service. (CVE-2016-6911)
Ke Liu discovered that the GD library incorrectly handled certain integers
when processing WebP images. If a user or automated system were tricked
into processing a specially crafted WebP image, an attacker could cause a
denial of service, or possibly execute arbitrary code. This issue only
applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-7568)
Emmanuel Law discovered that
Red Hat
php: Missing check for OOB read in dynamicGetbuf()
vendor_redhat·2016-10-15·CVSS 5.5
CVE-2016-6911 [MEDIUM] CWE-391 php: Missing check for OOB read in dynamicGetbuf()
php: Missing check for OOB read in dynamicGetbuf()
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
A vulnerability was found in gd. The function dynamicGetbuf() failed to check for out of bounds reads. An attacker could create a crafted image that would lead to a crash or, potentially, information disclosure.
Package: gd (Red Hat Enterprise Linux 5) - Will not fix
Package: php (Red Hat Enterprise Linux 5) - Will not fix
Package: php53 (Red Hat Enterprise Linux 5) - Will not fix
Package: gd (Red Hat Enterprise Linux 6) - Will not fix
Package: php (Red Hat Enterprise Linux 6) - Will not fix
Package: gd (Red Hat Enterprise Linux 7) - Will not fix
Package:
Debian
CVE-2016-6911: libgd2 - The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 a...
vendor_debian·2016·CVSS 5.5
CVE-2016-6911 [MEDIUM] CVE-2016-6911: libgd2 - The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 a...
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 2.2.3-87-gd0fec80-2)
bullseye: resolved (fixed in 2.2.3-87-gd0fec80-2)
forky: resolved (fixed in 2.2.3-87-gd0fec80-2)
sid: resolved (fixed in 2.2.3-87-gd0fec80-2)
trixie: resolved (fixed in 2.2.3-87-gd0fec80-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-6911 gd: Missing check for OOB read in dynamicGetbuf() [fedora-all]
bugzilla·2016-10-26·CVSS 5.5
CVE-2016-6911 [MEDIUM] CVE-2016-6911 gd: Missing check for OOB read in dynamicGetbuf() [fedora-all]
CVE-2016-6911 gd: Missing check for OOB read in dynamicGetbuf() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of F
Bugzilla
CVE-2016-6911 gd, php: Missing check for OOB read in dynamicGetbuf()
bugzilla·2016-10-26·CVSS 5.5
CVE-2016-6911 [MEDIUM] CVE-2016-6911 gd, php: Missing check for OOB read in dynamicGetbuf()
CVE-2016-6911 gd, php: Missing check for OOB read in dynamicGetbuf()
It was found that dynamicGetbuf() doesn't check for out-of-bounds read and returns wrong return code.
Discussion:
Created gd tracking bugs for this issue:
Affects: fedora-all [bug 1388788]
---
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1388790]
---
Created attachment 1214203
CVE-2016-6911 patch
---
Why the patch is not published to upstream?
Who created the fix please?
---
(In reply to Marek Skalický from comment #4)
> Why the patch is not published to upstream?
> Who created the fix please?
I took it from https://bugzilla.suse.com/show_bug.cgi?id=1005274#c0
---
Pull request to upstream
https://github.com/libgd/libgd/pull/353
Bugzilla
CVE-2016-6911 php: gd: Missing check for OOB read in dynamicGetbuf() [fedora-all]
bugzilla·2016-10-26·CVSS 5.5
CVE-2016-6911 [MEDIUM] CVE-2016-6911 php: gd: Missing check for OOB read in dynamicGetbuf() [fedora-all]
CVE-2016-6911 php: gd: Missing check for OOB read in dynamicGetbuf() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions
http://www.debian.org/security/2016/dsa-3693http://www.securityfocus.com/bid/95840https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.mdhttps://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35aehttps://github.com/libgd/libgd/pull/353http://www.debian.org/security/2016/dsa-3693http://www.securityfocus.com/bid/95840https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.mdhttps://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35aehttps://github.com/libgd/libgd/pull/353
2017-01-26
Published