CVE-2016-6912
Published 2017-01-26
CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact…
Priority P343 · critical · CVSS 3.0: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.45% (90.2th percentile)
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.2.4-1 (bookworm) | libgd2 2.2.4-1 (bookworm) |
| libgd | libgd | <= 2.2.3 | — |
CVSS provenance
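| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |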
Ubuntu
GD library vulnerabilities
vendor_ubuntu·2017-02-28·CVSS 9.8
CVE-2016-10166 [CRITICAL] GD library vulnerabilities
Title: GD library vulnerabilities
Summary: The GD library could be made to crash or run programs if it processed a
specially crafted image file.
Stefan Esser discovered that the GD library incorrectly handled memory when
processing certain images. If a user or automated system were tricked into
processing a specially crafted image, an attacker could cause a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an attacker could cause a denial of service.
(CVE-2016-10167)
It was discovered that the GD library incorrectly hand
Red Hat
php: Double free in gdImageWebpPtr()
vendor_redhat·2016-08-16·CVSS 9.8
CVE-2016-6912 [CRITICAL] CWE-416 php: Double free in gdImageWebpPtr()
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
Package: gd (Red Hat Enterprise Linux 5) - Not affected
Package: libwmf (Red Hat Enterprise Linux 5) - Not affected
Package: php (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Enterprise Linux 5) - Not affected
Package: gd (Red Hat Enterprise Linux 6) - Not affected
Package: libwmf (Red Hat Enterprise Linux 6) - Not affected
Package: php (Red Hat Enterprise Linux 6) - Not affected
Package: gd (Red Hat Enterprise Linux 7) - Not affected
Package: libwmf (Red Hat Enterprise Linux 7) - Not affected
Package: php (Red Hat Enterprise Linu
Debian
CVE-2016-6912: libgd2 - Double free vulnerability in the gdImageWebPtr function in the GD Graphics Libra...
vendor_debian·2016·CVSS 9.8
CVE-2016-6912 [CRITICAL] CVE-2016-6912: libgd2 - Double free vulnerability in the gdImageWebPtr function in the GD Graphics Libra...
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
Scope: local
bookworm: resolved (fixed in 2.2.4-1)
bullseye: resolved (fixed in 2.2.4-1)
forky: resolved (fixed in 2.2.4-1)
sid: resolved (fixed in 2.2.4-1)
trixie: resolved (fixed in 2.2.4-1)
VulDB
GD Graphics Library up to 2.2.3 gdImageWebPtr width/height double free (Nessus ID 96706 / ID 276384)
vuldb·2026-05-14·CVSS 9.8
CVE-2016-6912 [CRITICAL] GD Graphics Library up to 2.2.3 gdImageWebPtr width/height double free (Nessus ID 96706 / ID 276384)
A vulnerability classified as critical was found in GD Graphics Library up to 2.2.3. The impacted element is the function gdImageWebPtr. Such manipulation of the argument width/height leads to double free.
This vulnerability is documented as CVE-2016-6912. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
GHSA
GHSA-wmff-45hx-q83q: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2
ghsa_unreviewed·2022-05-17
CVE-2016-6912 [CRITICAL] CWE-415 GHSA-wmff-45hx-q83q: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
OSV
libgd2 vulnerabilities
osv·2017-02-28·CVSS 9.8
CVE-2016-10166 [CRITICAL] libgd2 vulnerabilities
Stefan Esser discovered that the GD library incorrectly handled memory when
processing certain images. If a user or automated system were tricked into
processing a specially crafted image, an attacker could cause a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an attacker could cause a denial of service.
(CVE-2016-10167)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an atta
OSV
CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2
osv·2017-01-26·CVSS 9.8
CVE-2016-6912 [CRITICAL] CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 php: various flaws [fedora-all]
bugzilla·2017-02-03·CVSS 9.8
CVE-2016-10166 [CRITICAL] CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 php: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
Bugzilla
CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 CVE-2016-9317 libwmf: various flaws [fedora-all]
bugzilla·2017-02-03·CVSS 9.8
CVE-2016-10166 [CRITICAL] CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 CVE-2016-9317 libwmf: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects m
Bugzilla
CVE-2016-6912 gd, php: Double free in gdImageWebpPtr()
bugzilla·2017-01-31·CVSS 9.8
CVE-2016-6912 [CRITICAL] CVE-2016-6912 gd, php: Double free in gdImageWebpPtr()
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
Upstream patch:
https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1418991]
---
Created libwmf tracking bugs for this issue:
Affects: fedora-all [bug 1418992]
---
Will the fix for Fedora port to Red Hat soon?
---
Redirecting flag to correct reporter.
---
(In reply to Carl Song from comment #3)
> Will the fix for Fedora port to Red Hat soon?
Please contact Red Hat support staff for questions regarding updates for Red Hat prod
arXiv
Poster: Machine Learning for Vulnerability Detection as Target Oracle in Automated Fuzz Driver Generation
arxiv_fulltext·2025-05-02
ML4VD as Target Oracle in AFDG
Gianpietro Castiglione (these authors contributed equally)
Marcello Maugeri
Giampaolo Bella
Castiglione, Maugeri and Bella
University of Catania, Italy
{gianpietro.castiglione, marcello.maugeri}@phd.unict.it
## Abstract
In vulnerability detection, machine learning has been used as an effective static analysis technique, although it suffers from a significant rate of false positives.
Contextually, in vulnerability discovery, fuzzing has been used as an effective dynamic analysis technique, although it requires manually writing fuzz drivers.
Fuzz drivers usually target a limited subset of functions in a library that must be chos
http://www.debian.org/security/2017/dsa-3777
http://www.securityfocus.com/bid/95843
https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md
https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
Published: 2017-01-26