CVE-2016-3074

critical

Description

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html

http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html

http://rhn.redhat.com/errata/RHSA-2016-2750.html

http://seclists.org/fulldisclosure/2016/Apr/72

http://www.debian.org/security/2016/dsa-3556

http://www.debian.org/security/2016/dsa-3602

http://www.securityfocus.com/archive/1/538160/100/0/threaded

http://www.securityfocus.com/bid/87087

http://www.securitytracker.com/id/1035659

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127

http://www.ubuntu.com/usn/USN-2987-1

https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

https://security.gentoo.org/glsa/201607-04

https://security.gentoo.org/glsa/201611-22

https://www.exploit-db.com/exploits/39736/

Details

Source: MITRE

Published: 2016-04-26

Updated: 2018-10-09

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 151294 | EulerOS Virtualization for ARM 64 3.0.2.0 : gd (EulerOS-SA-2021-2071) | Nessus | Huawei Local Security Checks | critical |
| 147535 | EulerOS Virtualization 3.0.2.6 : gd (EulerOS-SA-2021-1431) | Nessus | Huawei Local Security Checks | critical |
| 147432 | EulerOS Virtualization 3.0.6.6 : gd (EulerOS-SA-2021-1473) | Nessus | Huawei Local Security Checks | critical |
| 146178 | EulerOS 2.0 SP5 : gd (EulerOS-SA-2021-1189) | Nessus | Huawei Local Security Checks | critical |
| 132300 | EulerOS 2.0 SP3 : gd (EulerOS-SA-2019-2583) | Nessus | Huawei Local Security Checks | critical |
| 131674 | EulerOS 2.0 SP2 : gd (EulerOS-SA-2019-2521) | Nessus | Huawei Local Security Checks | critical |
| 98852 | PHP 7.0.x < 7.0.6 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98811 | PHP 5.6.x < 5.6.21 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 102073 | Juniper Junos libgd Compressed GD2 Data RCE (JSA10798) | Nessus | Junos Local Security Checks | critical |
| 95421 | GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy) | Nessus | Gentoo Local Security Checks | critical |
| 92348 | GLSA-201607-04 : GD: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 92118 | Fedora 22 : gd (2016-7d6cbcadca) | Nessus | Fedora Local Security Checks | critical |
| 91814 | Tenable SecurityCenter < 5.3.2 Multiple Vulnerabilities (TNS-2016-09) | Nessus | Misc. | critical |
| 91615 | Debian DSA-3602-1 : php5 - security update | Nessus | Debian Local Security Checks | critical |
| 91585 | openSUSE Security Update : php5 (openSUSE-2016-703) | Nessus | SuSE Local Security Checks | critical |
| 91423 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libgd2 vulnerabilities (USN-2987-1) | Nessus | Ubuntu Local Security Checks | critical |
| 91071 | openSUSE Security Update : php5 (openSUSE-2016-576) | Nessus | SuSE Local Security Checks | critical |
| 90948 | Fedora 24 : gd-2.1.1-7.fc24 (2016-0c57b12c7b) | Nessus | Fedora Local Security Checks | critical |
| 90922 | PHP 7.0.x < 7.0.6 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 90921 | PHP 5.6.x < 5.6.21 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 90920 | PHP 5.5.x < 5.5.35 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 90867 | Amazon Linux AMI : php56 / php55 (ALAS-2016-698) | Nessus | Amazon Linux Local Security Checks | critical |
| 90844 | FreeBSD : php -- multiple vulnerabilities (5764c634-10d2-11e6-94fa-002590263bf5) | Nessus | FreeBSD Local Security Checks | critical |
| 90812 | Fedora 23 : gd-2.1.1-5.fc23 (2016-5f91f43826) | Nessus | Fedora Local Security Checks | critical |
| 90801 | Slackware 14.0 / 14.1 / current : php (SSA:2016-120-02) | Nessus | Slackware Local Security Checks | critical |
| 90688 | Debian DSA-3556-1 : libgd2 - security update | Nessus | Debian Local Security Checks | critical |