Vulnerability Description
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libgd | Libgd | <= 2.2.1 |
| Php | Php | 5.5.0 |
| Opensuse | Leap | 42.1 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html (Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3619 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2016/05/29/5 (Mailing List)
- http://www.ubuntu.com/usn/USN-3030-1
- https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/libgd/libgd/issues/211 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2016-5116?
CVE-2016-5116 is a vulnerability with a CVSS score of 9.1 (CRITICAL). gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.
How severe is CVE-2016-5116?
CVE-2016-5116 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-5116?
Check the references section above for vendor advisories and patch information; the libgd commit listed there is tagged as the upstream patch, and the openSUSE, Debian and Ubuntu advisories cover the distribution updates. Affected products include: libgd (Libgd), PHP (Php), openSUSE Leap, and Debian Linux.