Improper input validation in gd (Alpine package)

Published: 2016-05-23
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2016-10167
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: gd (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Improper input validation


Risk: Low


CVE-ID: CVE-2016-10167

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing images in the gdImageCreateFromGd2Ctx() function in gd_gd2.c. A remote attacker can supply a malformed image and crash an application that uses the affected library.


Install the update from the vendor's website.

Vulnerable software versions

gd (Alpine package): 2.1.1-r2