← Back

CVE-2016-5766

nvd nist
Published: Aug 7, 2016Modified: May 6, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

Affected (22)

Products: Redhat: Openshift, Enterprise Linux · Freebsd: Freebsd · Libgd: Libgd · +2 more
Show all products
Redhat: Openshift, Enterprise Linux · Freebsd: Freebsd · Libgd: Libgd · Fedoraproject: Fedora · Debian: Debian Linux
Redhat
2 products
Openshift
Enterprise Linux
Freebsd
1 product
Freebsd
Libgd
1 product
Libgd
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Openshift
Version 2.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 8.3
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 6.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 8.0
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 5
Configuration F
1 vulnerable · 40 platform
Vulnerable SoftwareAffected Versions
Libgd
Version 2.2.2
Running on/withPlatform Versions
Php
Php
Up to 5.5.36
Php
Php
Version 5.6.0 alpha1
Php
Php
Version 5.6.0 alpha2
Php
Php
Version 5.6.0 alpha3
Php
Php
Version 5.6.0 alpha4
Php
Php
Version 5.6.0 alpha5
Php
Php
Version 5.6.0 beta1
Php
Php
Version 5.6.0 beta2
Php
Php
Version 5.6.0 beta3
Php
Php
Version 5.6.0 beta4
Php
Php
Version 5.6.10
Php
Php
Version 5.6.11
Php
Php
Version 5.6.12
Php
Php
Version 5.6.13
Php
Php
Version 5.6.14
Php
Php
Version 5.6.15
Php
Php
Version 5.6.16
Php
Php
Version 5.6.17
Php
Php
Version 5.6.18
Php
Php
Version 5.6.19
Php
Php
Version 5.6.1
Php
Php
Version 5.6.20
Php
Php
Version 5.6.21
Php
Php
Version 5.6.22
Php
Php
Version 5.6.2
Php
Php
Version 5.6.3
Php
Php
Version 5.6.4
Php
Php
Version 5.6.5
Php
Php
Version 5.6.6
Php
Php
Version 5.6.7
Php
Php
Version 5.6.8
Php
Php
Version 5.6.9
Php
Php
Version 7.0.0
Php
Php
Version 7.0.1
Php
Php
Version 7.0.2
Php
Php
Version 7.0.3
Php
Php
Version 7.0.4
Php
Php
Version 7.0.5
Php
Php
Version 7.0.6
Php
Php
Version 7.0.7
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 10.0
Configuration H
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 23
Configuration I
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 8.0
Configuration J
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 10.1
Configuration K
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 24
Configuration L
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 8.4
Configuration M
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 9.2
Configuration N
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 8.2
Configuration O
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 8.1
Configuration P
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 9.0
Configuration Q
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 10.2
Configuration R
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 22
Configuration S
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 9.3
Configuration T
1 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 7.0
Configuration U
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 10.3
Configuration V
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Version 9.1

Related CWEs

CWE-190
Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (30)

Source: cve@mitre.org
ExploitPatch
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Source: cve@mitre.org
ExploitPatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.