Your submission was sent successfully! Close

CVE-2016-6207

Published: 21 July 2016

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
libgd2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.1.1-4ubuntu0.16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.1.0-3ubuntu0.3)
Patches:
Upstream: https://github.com/libgd/libgd/commit/0dd40abd6d5b3e53a6b745dd4d6cf94b70010989
Upstream: https://github.com/libgd/libgd/commit/d325888a9fe3c9681e4a9aad576de2c5cd5df2ef
Upstream: https://github.com/libgd/libgd/commit/ff9113c80a32205d45205d3ea30965b25480e0fb
Upstream: https://github.com/libgd/libgd/commit/f60ec7a546499f9446063a4dbe755be9523d8232
Upstream: https://github.com/libgd/libgd/commit/7a28c235890c95e6010e7b0d0f7c7369367168ef
Upstream: https://github.com/libgd/libgd/commit/0dd1706c14abced200f8e5f83d2f86dc44cd9508
Upstream: https://github.com/libgd/libgd/commit/8b7e76dd370e068515162e74986f7968dddc7384
php5
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(uses system gd)
php7.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(uses system gd)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist