Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
21 Nov 2024, 02:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.html - Mailing List, Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html - Mailing List, Third Party Advisory | |
References | () http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://rhn.redhat.com/errata/RHSA-2016-2750.html - Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2016/Apr/72 - Exploit, Mailing List, Third Party Advisory | |
References | () http://www.debian.org/security/2016/dsa-3556 - Third Party Advisory | |
References | () http://www.debian.org/security/2016/dsa-3602 - Third Party Advisory | |
References | () http://www.securityfocus.com/archive/1/538160/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/87087 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1035659 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127 - Third Party Advisory | |
References | () http://www.ubuntu.com/usn/USN-2987-1 - Third Party Advisory | |
References | () https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19 - Patch, Third Party Advisory | |
References | () https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 - Third Party Advisory | |
References | () https://security.gentoo.org/glsa/201607-04 - Third Party Advisory | |
References | () https://security.gentoo.org/glsa/201611-22 - Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/39736/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2016-04-26 14:59
Updated : 2024-11-21 02:49
NVD link : CVE-2016-3074
Mitre link : CVE-2016-3074
CVE.ORG link : CVE-2016-3074
JSON object : View
Products Affected
php
- php
opensuse
- opensuse
libgd
- libgd
canonical
- ubuntu_linux
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-681
Incorrect Conversion between Numeric Types