Your submission was sent successfully! Close

CVE-2016-10168

Published: 31 December 2016

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
libgd2
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.1.1-4ubuntu0.16.04.6)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.1.0-3ubuntu0.6)
Patches:
Upstream: https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
php5
Launchpad, Ubuntu, Debian
Upstream
Released (5.6.30)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(uses system gd)
php7.0
Launchpad, Ubuntu, Debian
Upstream
Released (7.0.15)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(uses system gd)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

php7.1
Launchpad, Ubuntu, Debian
Upstream
Released (7.1.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist