Vulnerability Details : CVE-2016-5766
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2016-5766
- cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:openshift:2.0:*:enterprise:*:*:*:*:*
- cpe:2.3:a:libgd:libgd:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Threat overview for CVE-2016-5766
Top open port discovered on systems with this issue: 53
IPs affected by CVE-2016-5766: 147,492
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-5766
24.24%: Probability of exploitation activity in the next 30 days
~97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5766
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2016-5766
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5766
- http://rhn.redhat.com/errata/RHSA-2016-2598.html
  RHSA-2016:2598 - Security Advisory - Red Hat Customer Portal
- https://security.gentoo.org/glsa/201612-09
  GD: Multiple vulnerabilities (GLSA 201612-09) — Gentoo security
- http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap ov… · php/php-src@7722455 · GitHub (Exploit; Patch)
- http://www.debian.org/security/2016/dsa-3619
  Debian -- Security Information -- DSA-3619-1 libgd2 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2016/06/23/4
  oss-security - Re: CVE for PHP 5.5.37 issues (Release Notes)
- https://libgd.github.io/release-2.2.3.html
  LibGD 2.2.3 release (Release Notes)
- https://bugs.php.net/bug.php?id=72339
  PHP :: Sec Bug #72339 :: Integer Overflow in _gd2GetHeader() resulting in heap overflow (Exploit; Patch; Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
  [security-announce] openSUSE-SU-2016:1761-1: important: Security update
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
  [security-announce] SUSE-SU-2016:2013-1: important: Security update for
- http://www.ubuntu.com/usn/USN-3030-1
  USN-3030-1: GD library vulnerabilities | Ubuntu security notices
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
  HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
  RHSA-2016:2750 - Security Advisory - Red Hat Customer Portal
- http://php.net/ChangeLog-7.php
  PHP: PHP 7 ChangeLog (Release Notes)
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
  openSUSE-SU-2016:1922-1: moderate: Security update for php5
- http://php.net/ChangeLog-5.php
  PHP: PHP 5 ChangeLog (Release Notes)