Integer overflow in GD Graphics Library - CVE-2016-10168
Published: July 19, 2017
Vulnerability identifier: #VU7576
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-10168
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Boutell.Com, Inc.
Affected software:
GD Graphics Library
GD Graphics Library
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.
The vulnerability exists due to integer overflow when processing the number of horizontal and vertical chunks in an image in gd_io.c. A remote attacker create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when processing the number of horizontal and vertical chunks in an image in gd_io.c. A remote attacker create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.
How to mitigate CVE-2016-10168
Update to version 2.2.4.