CVE-2016-3074

Name: CVE-2016-3074
Creator: NVD / NIST
Published: 2016-04-26T14:59:01.207+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 36.97%

Last modified Jun 17, 2026

CVE-2016-3074 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.. EPSS estimates a 36.97% chance of exploitation in the next 30 days.

Description

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

36.97%

98.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-681

Affected Software

Vendor	Product	Versions
Libgd	Libgd	2.1.1
Debian	Debian Linux	7.0
Debian	Debian Linux	8.0
Fedoraproject	Fedora	23
Fedoraproject	Fedora	24
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	15.10
Canonical	Ubuntu Linux	16.04
Opensuse	Opensuse	13.2
Php	Php	>= 5.5.0, < 5.5.35
Php	Php	>= 5.6.0, < 5.6.21
Php	Php	>= 7.0.0, < 7.0.6

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.htmlMailing List, Third Party Advisory
http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.htmlExploit, Third Party Advisory, VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-2750.htmlThird Party Advisory
http://seclists.org/fulldisclosure/2016/Apr/72Exploit, Mailing List, Third Party Advisory
http://www.debian.org/security/2016/dsa-3556Third Party Advisory
http://www.debian.org/security/2016/dsa-3602Third Party Advisory
http://www.securityfocus.com/archive/1/538160/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/87087Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1035659Broken Link, Third Party Advisory, VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127Third Party Advisory
http://www.ubuntu.com/usn/USN-2987-1Third Party Advisory
https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19Patch, Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731Third Party Advisory
https://security.gentoo.org/glsa/201607-04Third Party Advisory
https://security.gentoo.org/glsa/201611-22Third Party Advisory
https://www.exploit-db.com/exploits/39736/Exploit, Third Party Advisory, VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.htmlMailing List, Third Party Advisory
http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.htmlExploit, Third Party Advisory, VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-2750.htmlThird Party Advisory
http://seclists.org/fulldisclosure/2016/Apr/72Exploit, Mailing List, Third Party Advisory
http://www.debian.org/security/2016/dsa-3556Third Party Advisory
http://www.debian.org/security/2016/dsa-3602Third Party Advisory
http://www.securityfocus.com/archive/1/538160/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/87087Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1035659Broken Link, Third Party Advisory, VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127Third Party Advisory
http://www.ubuntu.com/usn/USN-2987-1Third Party Advisory
https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19Patch, Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731Third Party Advisory
https://security.gentoo.org/glsa/201607-04Third Party Advisory
https://security.gentoo.org/glsa/201611-22Third Party Advisory
https://www.exploit-db.com/exploits/39736/Exploit, Third Party Advisory, VDB Entry

Timeline

Published: Apr 26, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-3074?

How severe is CVE-2016-3074?

CVE-2016-3074 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 36.97% probability of exploitation in the next 30 days.

How do I fix CVE-2016-3074?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-3074?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST