Lucene search

[email protected]CVE-2016-6207

HistoryAug 12, 2016 - 3:59 p.m.

CVE-2016-6207

2016-08-1215:59:03

CWE-119

CWE-190

CWE-787

[email protected]

web.nvd.nist.gov

122

cve-2016-6207

integer overflow

_gdcontributionsalloc

gd_interpolation.c

libgd

denial of service

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

Affected configurations

NVD

Node

libgdlibgdRange≤2.2.2

debiandebian_linuxMatch8.0

opensuseleapMatch42.1

Node

phpphpRange5.5.0–5.5.38

phpphpRange5.6.0–5.6.24

phpphpRange7.0.0–7.0.9

CPENameOperatorVersion
libgd:libgdlibgdle2.2.2
debian:debian_linuxdebian debian linuxeq8.0
opensuse:leapopensuse leapeq42.1

CPE	Name	Operator	Version
libgd:libgd	libgd	le	2.2.2
debian:debian_linux	debian debian linux	eq	8.0
opensuse:leap	opensuse leap	eq	42.1

References

lists.opensuse.org/opensuse-updates/2016-08/msg00086.html

lists.opensuse.org/opensuse-updates/2016-09/msg00078.html

packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html

rhn.redhat.com/errata/RHSA-2016-2750.html

www.debian.org/security/2016/dsa-3630

www.securityfocus.com/archive/1/539100/100/0/threaded

www.securityfocus.com/bid/92080

www.securitytracker.com/id/1036535

www.ubuntu.com/usn/USN-3060-1

bugs.php.net/bug.php?id=72558

libgd.github.io/release-2.2.3.html

secunia.com/secunia_research/2016-9/

security.gentoo.org/glsa/201612-09

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2016-6207

openvas14 cvelist1 debian2 prion1 debiancve1 nessus20 nvd1 f52 ubuntucve1 redhatcve1 alpinelinux1 fedora2 slackware1 mageia1 ubuntu1 freebsd1 gentoo1 cloudfoundry1 fortinet1 suse4 veracode57 redhat1