Published: 07/08/2016 Updated: 30/10/2018

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

gd_xbm.c in the GD Graphics Library (aka libgd) prior to 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent malicious users to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libgd libgd
opensuse leap 42.1
debian debian linux 8.0

The GD library could be made to crash or run programs if it processed a specially crafted image file ...

Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library (application crash), or potentially to execute arbitrary code with the privileges of the user running the a ...

Debian Bug report logs - #829694 libgd2: CVE-2016-6132: read out-of-bands was found in the parsing of TGA files Package: libgd2; Maintainer for libgd2 is GD Team <team+gd@trackerdebianorg>; Reported by: Hugo Lefeuvre <hle@debianorg> Date: Tue, 5 Jul 2016 12:24:01 UTC Severity: important Tags: security, upstream ...

Debian Bug report logs - #829062 libgd2: CVE-2016-6128: Invalid color index is not properly handled leading to denial of service Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 30 Jun 2016 07:39:01 UTC Severity: i ...

Debian Bug report logs - #829014 libgd2: CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 29 Jun 2016 19:15:02 UTC Severity: important T ...

gd_xbmc in the GD Graphics Library (aka libgd) before 220, as used in certain custom PHP 55x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name ...

CWE-119 https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 http://www.openwall.com/lists/oss-security/2016/05/29/5 https://github.com/libgd/libgd/issues/211 http://www.debian.org/security/2016/dsa-3619 http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html http://www.ubuntu.com/usn/USN-3030-1 https://usn.ubuntu.com/3030-1/https://nvd.nist.gov

CVE-2016-5116

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect