CVE-2016-3074 — CRITICAL (9.8)

Q: How severe is CVE-2016-3074?

CVE-2016-3074 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-3074?

Check the references section above for vendor advisories and patch information. Affected products include: Libgd Libgd, Debian Debian Linux, Fedoraproject Fedora, Canonical Ubuntu Linux, Opensuse Opensuse.

Vulnerability Description

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Libgd	Libgd	2.1.1
Debian	Debian Linux	7.0
Fedoraproject	Fedora	23
Canonical	Ubuntu Linux	12.04
Opensuse	Opensuse	13.2
Php	Php	>= 5.5.0, < 5.5.35

Related Weaknesses (CWE)

CWE-681

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.htmlExploitThird Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2016-2750.htmlThird Party Advisory
http://seclists.org/fulldisclosure/2016/Apr/72ExploitMailing ListThird Party Advisory
http://www.debian.org/security/2016/dsa-3556Third Party Advisory
http://www.debian.org/security/2016/dsa-3602Third Party Advisory
http://www.securityfocus.com/archive/1/538160/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/87087Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1035659Broken LinkThird Party AdvisoryVDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackThird Party Advisory
http://www.ubuntu.com/usn/USN-2987-1Third Party Advisory
https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19PatchThird Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-cThird Party Advisory

FAQ

What is CVE-2016-3074?

CVE-2016-3074 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd...

How severe is CVE-2016-3074?

CVE-2016-3074 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-3074?

Check the references section above for vendor advisories and patch information. Affected products include: Libgd Libgd, Debian Debian Linux, Fedoraproject Fedora, Canonical Ubuntu Linux, Opensuse Opensuse.