CVE-2016-5116

Published: 30 May 2016

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

Priority

Low

CVSS 3 base score: 9.1

Status

Package Release Status
libgd2
Upstream: Released (2.2.1-1)
Ubuntu 16.04 LTS (Xenial Xerus): Released (2.1.1-4ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr): Released (2.1.0-3ubuntu0.2)
Patches:
Upstream: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4
php5
Upstream: Needs triage
Ubuntu 16.04 LTS (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (uses system gd)
php7.0
Upstream: Needs triage
Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable (uses system gd)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist