CVE-2016-10168

high

Description

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

References

Advisories
More

https://github.com/libgd/libgd/issues/354

https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6

http://www.securityfocus.com/bid/95869

http://www.openwall.com/lists/oss-security/2017/01/28/6

http://www.openwall.com/lists/oss-security/2017/01/26/1

https://access.redhat.com/errata/RHSA-2018:1296

https://access.redhat.com/errata/RHSA-2017:3221

http://www.securitytracker.com/id/1037659

http://www.debian.org/security/2017/dsa-3777

http://libgd.github.io/release-2.2.4.html

Details

Source: Mitre, NVD

Published: 2017-03-15

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00185

Detections

Analytics