CVE-2016-6911 — Out-of-bounds Read in Libgd

CWE-125 — Out-of-bounds Read CWE-391 — Unchecked Error Condition11 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.6%

top 29.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libgd

Timeline

PublishedJan 26

Latest updateMay 17

Description

The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDlibgd/libgd2.2.3

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v5f2-456f-72fv: The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2↗2022-05-17

▶

OSV

CVE-2016-6911: The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2↗2017-01-26

▶

CVEList

CVE-2016-6911: The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2↗2017-01-26

▶

OSV

libgd2 vulnerabilities↗2016-11-01

▶

📋Vendor Advisories

Ubuntu

GD library vulnerabilities↗2016-11-01

▶

Red Hat

php: Missing check for OOB read in dynamicGetbuf()↗2016-10-15

▶

Debian

CVE-2016-6911: libgd2 - The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 a...↗2016

▶

💬Community

Bugzilla

CVE-2016-6911 gd: Missing check for OOB read in dynamicGetbuf() [fedora-all]↗2016-10-26

▶

Bugzilla

CVE-2016-6911 gd, php: Missing check for OOB read in dynamicGetbuf()↗2016-10-26

▶

Bugzilla

CVE-2016-6911 php: gd: Missing check for OOB read in dynamicGetbuf() [fedora-all]↗2016-10-26

▶