CVE-2016-5116 : gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

Published 2016-08-07 10:59:12

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-5116

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Libgd » Libgd
Versions up to, including, (<=) 2.2.1
cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*
Matching versions
When used together with: PHP » PHP » Version: 5.5.0
When used together with: PHP » PHP » Version: 5.5.0 Update Alpha1
When used together with: PHP » PHP » Version: 5.5.0 Update Alpha2
When used together with: PHP » PHP » Version: 5.5.0 Update Alpha3
When used together with: PHP » PHP » Version: 5.5.0 Update Alpha4
When used together with: PHP » PHP » Version: 5.5.0 Update Alpha5
When used together with: PHP » PHP » Version: 5.5.0 Update Alpha6
When used together with: PHP » PHP » Version: 5.5.0 Update Beta1
When used together with: PHP » PHP » Version: 5.5.0 Update Beta2
When used together with: PHP » PHP » Version: 5.5.0 Update Beta3
When used together with: PHP » PHP » Version: 5.5.0 Update Beta4
When used together with: PHP » PHP » Version: 5.5.0 Update RC1
When used together with: PHP » PHP » Version: 5.5.0 Update RC2
When used together with: PHP » PHP » Version: 5.5.1
When used together with: PHP » PHP » Version: 5.5.2
When used together with: PHP » PHP » Version: 5.5.3
When used together with: PHP » PHP » Version: 5.5.4
When used together with: PHP » PHP » Version: 5.5.5
When used together with: PHP » PHP » Version: 5.5.6
When used together with: PHP » PHP » Version: 5.5.7
When used together with: PHP » PHP » Version: 5.5.8
When used together with: PHP » PHP » Version: 5.5.9
When used together with: PHP » PHP » Version: 5.5.10
When used together with: PHP » PHP » Version: 5.5.11
When used together with: PHP » PHP » Version: 5.5.12
When used together with: PHP » PHP » Version: 5.5.13
When used together with: PHP » PHP » Version: 5.5.14
When used together with: PHP » PHP » Version: 5.5.18
When used together with: PHP » PHP » Version: 5.5.19
When used together with: PHP » PHP » Version: 5.5.20
When used together with: PHP » PHP » Version: 5.5.21
When used together with: PHP » PHP » Version: 5.5.22
When used together with: PHP » PHP » Version: 5.5.23
When used together with: PHP » PHP » Version: 5.5.24
When used together with: PHP » PHP » Version: 5.5.25
When used together with: PHP » PHP » Version: 5.5.26
When used together with: PHP » PHP » Version: 5.5.27
When used together with: PHP » PHP » Version: 5.5.28
When used together with: PHP » PHP » Version: 5.5.29
When used together with: PHP » PHP » Version: 5.5.30
When used together with: PHP » PHP » Version: 5.5.31
When used together with: PHP » PHP » Version: 5.5.32
When used together with: PHP » PHP » Version: 5.5.33
When used together with: PHP » PHP » Version: 5.5.34
When used together with: PHP » PHP » Version: 5.5.35
When used together with: PHP » PHP » Version: 5.5.37
Opensuse » Leap » Version: 42.1
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-5116

EPSS FAQ

1.79%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-5116

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
9.1	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	3.9	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2016-5116

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-5116

https://github.com/libgd/libgd/issues/211

gdCtxPrintf vsnprintf return value not checked - leaks stack memory · Issue #211 · libgd/libgd · GitHub
Issue Tracking;Third Party Advisory
http://www.debian.org/security/2016/dsa-3619

Debian -- Security Information -- DSA-3619-1 libgd2
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/05/29/5

oss-security - Re: CVE Request: libgd - gdCtxPrintf memory leak
Mailing List
https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4

xbm: avoid stack overflow (read) with large names #211 · libgd/libgd@4dc1a2d · GitHub
Issue Tracking;Patch;Third Party Advisory
http://www.ubuntu.com/usn/USN-3030-1

USN-3030-1: GD library vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html

openSUSE-SU-2016:2363-1: moderate: Security update for gd
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-5116

Products affected by CVE-2016-5116

Exploit prediction scoring system (EPSS) score for CVE-2016-5116

CVSS scores for CVE-2016-5116

CWE ids for CVE-2016-5116

References for CVE-2016-5116