CVE-2016-10168
HIGHlibgd < 2.2.4 - Integer Overflow in gd_io.c via Image Chunk Counts
Title source: llmDescription
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
References (10)
Core 10
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/01/26/1
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/01/28/6
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1296
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
Vendor Advisory x_refsource_confirm
http://libgd.github.io/release-2.2.4.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/libgd/libgd/issues/354
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3777
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95869
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037659
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3221
Scores
CVSS v3
7.8
EPSS
0.0372
EPSS Percentile
88.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (1)
libgd/libgd
< 2.2.3
Published
Mar 15, 2017
Tracked Since
Feb 18, 2026