CVE-2016-9317

Published: Jan 26, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.

Affected (1)

Products: Libgd: Libgd

Libgd

1 product

Libgd

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libgd Libgd	Up to 2.2.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://www.debian.org/security/2017/dsa-3777

Source: cve@mitre.org

http://www.securityfocus.com/bid/95841

Source: cve@mitre.org

https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md

Source: cve@mitre.org

Issue TrackingPatchRelease NotesThird Party Advisory

https://github.com/libgd/libgd/commit/1846f48e5fcdde996e7c27a4bbac5d0aef183e4b

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://www.debian.org/security/2017/dsa-3777

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/95841

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchRelease NotesThird Party Advisory

https://github.com/libgd/libgd/commit/1846f48e5fcdde996e7c27a4bbac5d0aef183e4b

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.