#VU7576 Integer overflow in GD Graphics Library - CVE-2016-10168


Vulnerability identifier: #VU7576

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-10168

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GD Graphics Library
Universal components / Libraries / Libraries used by multiple products

Vendor: Boutell.Com, Inc.

Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.

The vulnerability exists due to integer overflow when processing the number of horizontal and vertical chunks in an image in gd_io.c. A remote attacker create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.

Mitigation
Update to version 2.2.4.

Vulnerable software versions

GD Graphics Library: 2.1.0 - 2.2.3

External links
https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for php
Slackware Linux update for libwmf
Red Hat update for libgd
Slackware Linux update for gd
Amazon Linux AMI update for php70
Amazon Linux AMI update for php56
SUSE Linux update for php53
Slackware Linux update for php
Integer overflow in gd (Alpine package)