#VU7576 Integer overflow


Published: 2017-07-19

Vulnerability identifier: #VU7576

Vulnerability risk: High

CVSSv3.1:

CVE-ID: CVE-2016-10168

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
GD Graphics Library
Universal components / Libraries / Libraries used by multiple products

Vendor: Boutell.Com, Inc.

Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.

The vulnerability exists due to integer overflow when processing the number of horizontal and vertical chunks in an image in gd_io.c. A remote attacker create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.

Mitigation
Update to version 2.2.4.

Vulnerable software versions

GD Graphics Library: 2.1.0 - 2.2.3


CPE

External links
http://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability