CVE-2016-10168
UnknownEPSS 3.72%
Last modified
CVE-2016-10168 is a vulnerability of currently unknown severity. Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.. EPSS estimates a 3.72% chance of exploitation in the next 30 days.
Description
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Libgd | Libgd | <= 2.2.3 |
References
- http://libgd.github.io/release-2.2.4.htmlVendor Advisory
- http://www.openwall.com/lists/oss-security/2017/01/26/1Mailing List, Patch, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2017/01/28/6Mailing List, Patch, Third Party Advisory
- http://www.securityfocus.com/bid/95869Third Party Advisory, VDB Entry
- https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6Issue Tracking, Patch, Third Party Advisory
- https://github.com/libgd/libgd/issues/354Issue Tracking, Patch, Third Party Advisory
- http://libgd.github.io/release-2.2.4.htmlVendor Advisory
- http://www.openwall.com/lists/oss-security/2017/01/26/1Mailing List, Patch, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2017/01/28/6Mailing List, Patch, Third Party Advisory
- http://www.securityfocus.com/bid/95869Third Party Advisory, VDB Entry
- https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6Issue Tracking, Patch, Third Party Advisory
- https://github.com/libgd/libgd/issues/354Issue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-10168?
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
How severe is CVE-2016-10168?
Severity scoring for CVE-2016-10168 is pending analysis. The EPSS model estimates a 3.72% probability of exploitation in the next 30 days.
How do I fix CVE-2016-10168?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2016-10168?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST