#VU7574 Integer underflow in GD Graphics Library - CVE-2016-10166

Cybersecurity Help s.r.o.

Published: 2017-07-19

Vulnerability identifier: #VU7574

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-10166

CWE-ID: CWE-191

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GD Graphics Library
Universal components / Libraries / Libraries used by multiple products

Vendor: Boutell.Com, Inc.

Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.

The vulnerability exists due to integer underflow when decrementing the "u" variable in _gdContributionsAlloc() function in gd_interpolation.c. A remote attacker create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.

Mitigation
Update to version 2.2.4.

Vulnerable software versions

GD Graphics Library: 2.1.0 - 2.2.3

External links
https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for rh-php72-php

Multiple vulnerabilities in PHP

Slackware Linux update for gd

SUSE Linux update for php53

Integer underflow in php5 (Alpine package)

Integer underflow in php7 (Alpine package)

Integer underflow in gd (Alpine package)