Lucene search

[email protected]CVE-2016-5116

HistoryAug 07, 2016 - 10:59 a.m.

CVE-2016-5116

2016-08-0710:59:12

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-5116

gd graphics library

libgd

php

context-dependent

sensitive information

denial of service

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

81.0%

JSON

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

Affected configurations

NVD

Node

libgdlibgdRange≤2.2.1

AND

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.5.23

phpphpMatch5.5.24

phpphpMatch5.5.25

phpphpMatch5.5.26

phpphpMatch5.5.27

phpphpMatch5.5.28

phpphpMatch5.5.29

phpphpMatch5.5.30

phpphpMatch5.5.31

phpphpMatch5.5.32

phpphpMatch5.5.33

phpphpMatch5.5.34

phpphpMatch5.5.35

phpphpMatch5.5.37

Node

opensuseleapMatch42.1

Node

debiandebian_linuxMatch8.0

CPENameOperatorVersion
libgd:libgdlibgdle2.2.1

CPE	Name	Operator	Version
libgd:libgd	libgd	le	2.2.1

References

lists.opensuse.org/opensuse-updates/2016-09/msg00078.html

www.debian.org/security/2016/dsa-3619

www.openwall.com/lists/oss-security/2016/05/29/5

www.ubuntu.com/usn/USN-3030-1

github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4

github.com/libgd/libgd/issues/211

Social References

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

81.0%

JSON

Related for CVE-2016-5116

veracode1 nvd1 debiancve1 redhatcve1 cvelist1 nessus7 alpinelinux1 prion1 ubuntucve1 osv1 fedora2 openvas7 mageia1 f52 ubuntu1 debian2 cloudfoundry1