CVE-2016-6911

Published: 26/01/2017 Updated: 04/11/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The dynamicGetbuf function in the GD Graphics Library (aka libgd) prior to 2.2.4 allows remote malicious users to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

Vulnerable Product

libgd libgd

Vendor Advisories

The GD library could be made to crash or run programs if it processed a specially crafted image file ...
Debian Bug report logs - #840806 libgd2: CVE-2016-6911: invalid read in gdImageCreateFromTiffPtr() Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 15 Oct 2016 05:09:05 UTC Severity: grave Tags: patch, security, up ...
Debian Bug report logs - #839659 libgd2: CVE-2016-7568: Integer overflow in gdImageWebpCtx Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 3 Oct 2016 15:27:02 UTC Severity: grave Tags: fixed-upstream, patch, secu ...
Debian Bug report logs - #840805 libgd2: CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 15 Oct 2016 05:03:01 UTC Severity: grave Tags: security, upstream ...
A vulnerability was found in gd as used in PHP. The function dynamicGetbuf() failed to check for out of bounds reads. An attacker could create a crafted image that would lead to a crash or, potentially, information disclosure ...