CVE-2016-5116

MEDIUM

Description

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

References

http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html

http://www.debian.org/security/2016/dsa-3619

http://www.openwall.com/lists/oss-security/2016/05/29/5

http://www.ubuntu.com/usn/USN-3030-1

https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4

https://github.com/libgd/libgd/issues/211

Details

Source: MITRE

Published: 2016-08-07

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*

OR

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.29:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.30:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.31:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.32:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.33:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.34:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.35:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.37:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (7 total)

ID	Name	Product	Family	Severity
93701	openSUSE Security Update : gd (openSUSE-2016-1108)	Nessus	SuSE Local Security Checks	medium
93506	SUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2016:2303-1)	Nessus	SuSE Local Security Checks	medium
92327	Debian DSA-3619-1 : libgd2 - security update	Nessus	Debian Local Security Checks	medium
92182	Fedora 23 : gd (2016-de6e26b8aa)	Nessus	Fedora Local Security Checks	medium
92078	Fedora 22 : gd (2016-363d307082)	Nessus	Fedora Local Security Checks	medium
92011	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libgd2 vulnerabilities (USN-3030-1)	Nessus	Ubuntu Local Security Checks	medium
91512	openSUSE Security Update : gd (openSUSE-2016-688)	Nessus	SuSE Local Security Checks	medium