| ID |
CVE-2016-3074
|
| Summary |
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:libgd:libgd:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:libgd:libgd:2.1.1:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 09-10-2018 - 19:59) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-189 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| redhat
via4
|
| advisories | | | rpms | - rh-php56-0:2.3-1.el6
- rh-php56-0:2.3-1.el7
- rh-php56-php-0:5.6.25-1.el6
- rh-php56-php-0:5.6.25-1.el7
- rh-php56-php-bcmath-0:5.6.25-1.el6
- rh-php56-php-bcmath-0:5.6.25-1.el7
- rh-php56-php-cli-0:5.6.25-1.el6
- rh-php56-php-cli-0:5.6.25-1.el7
- rh-php56-php-common-0:5.6.25-1.el6
- rh-php56-php-common-0:5.6.25-1.el7
- rh-php56-php-dba-0:5.6.25-1.el6
- rh-php56-php-dba-0:5.6.25-1.el7
- rh-php56-php-dbg-0:5.6.25-1.el6
- rh-php56-php-dbg-0:5.6.25-1.el7
- rh-php56-php-debuginfo-0:5.6.25-1.el6
- rh-php56-php-debuginfo-0:5.6.25-1.el7
- rh-php56-php-devel-0:5.6.25-1.el6
- rh-php56-php-devel-0:5.6.25-1.el7
- rh-php56-php-embedded-0:5.6.25-1.el6
- rh-php56-php-embedded-0:5.6.25-1.el7
- rh-php56-php-enchant-0:5.6.25-1.el6
- rh-php56-php-enchant-0:5.6.25-1.el7
- rh-php56-php-fpm-0:5.6.25-1.el6
- rh-php56-php-fpm-0:5.6.25-1.el7
- rh-php56-php-gd-0:5.6.25-1.el6
- rh-php56-php-gd-0:5.6.25-1.el7
- rh-php56-php-gmp-0:5.6.25-1.el6
- rh-php56-php-gmp-0:5.6.25-1.el7
- rh-php56-php-imap-0:5.6.25-1.el6
- rh-php56-php-intl-0:5.6.25-1.el6
- rh-php56-php-intl-0:5.6.25-1.el7
- rh-php56-php-ldap-0:5.6.25-1.el6
- rh-php56-php-ldap-0:5.6.25-1.el7
- rh-php56-php-mbstring-0:5.6.25-1.el6
- rh-php56-php-mbstring-0:5.6.25-1.el7
- rh-php56-php-mysqlnd-0:5.6.25-1.el6
- rh-php56-php-mysqlnd-0:5.6.25-1.el7
- rh-php56-php-odbc-0:5.6.25-1.el6
- rh-php56-php-odbc-0:5.6.25-1.el7
- rh-php56-php-opcache-0:5.6.25-1.el6
- rh-php56-php-opcache-0:5.6.25-1.el7
- rh-php56-php-pdo-0:5.6.25-1.el6
- rh-php56-php-pdo-0:5.6.25-1.el7
- rh-php56-php-pear-1:1.9.5-4.el6
- rh-php56-php-pear-1:1.9.5-4.el7
- rh-php56-php-pgsql-0:5.6.25-1.el6
- rh-php56-php-pgsql-0:5.6.25-1.el7
- rh-php56-php-process-0:5.6.25-1.el6
- rh-php56-php-process-0:5.6.25-1.el7
- rh-php56-php-pspell-0:5.6.25-1.el6
- rh-php56-php-pspell-0:5.6.25-1.el7
- rh-php56-php-recode-0:5.6.25-1.el6
- rh-php56-php-recode-0:5.6.25-1.el7
- rh-php56-php-snmp-0:5.6.25-1.el6
- rh-php56-php-snmp-0:5.6.25-1.el7
- rh-php56-php-soap-0:5.6.25-1.el6
- rh-php56-php-soap-0:5.6.25-1.el7
- rh-php56-php-tidy-0:5.6.25-1.el6
- rh-php56-php-xml-0:5.6.25-1.el6
- rh-php56-php-xml-0:5.6.25-1.el7
- rh-php56-php-xmlrpc-0:5.6.25-1.el6
- rh-php56-php-xmlrpc-0:5.6.25-1.el7
- rh-php56-runtime-0:2.3-1.el6
- rh-php56-runtime-0:2.3-1.el7
- rh-php56-scldevel-0:2.3-1.el6
- rh-php56-scldevel-0:2.3-1.el7
|
|
| refmap
via4
|
| bid | 87087 | | bugtraq | 20160421 CVE-2016-3074: libgd: signedness vulnerability | | confirm | | | debian | | | exploit-db | 39736 | | fedora | - FEDORA-2016-0c57b12c7b
- FEDORA-2016-5f91f43826
| | fulldisc | 20160421 CVE-2016-3074: libgd: signedness vulnerability | | gentoo | - GLSA-201607-04
- GLSA-201611-22
| | misc | http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html | | sectrack | 1035659 | | slackware | SSA:2016-120-02 | | suse | openSUSE-SU-2016:1274 | | ubuntu | USN-2987-1 |
|
| Last major update |
09-10-2018 - 19:59 |
| Published |
26-04-2016 - 14:59 |
| Last modified |
09-10-2018 - 19:59 |
