CVE-2016-3074

Published on: 04/26/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:02 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

  • CVE-2016-3074 has been assigned by [email protected] to track the vulnerability - currently rated as - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 7.5 - HIGH

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
Debian -- Security Information -- DSA-3602-1 php5 www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3602
libgd 2.1.1 Signedness ≈ Packet Storm Exploit
packetstormsecurity.com
text/html
URL Logo MISC packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html
gd2: handle corrupt images better (CVE-2016-3074) · libgd/[email protected] · GitHub github.com
text/html
URL Logo CONFIRM github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
USN-2987-1: GD library vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2987-1
[SECURITY] Fedora 23 Update: gd-2.1.1-5.fc23 lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2016-5f91f43826
[security-announce] openSUSE-SU-2016:1274-1: important: Security update lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:1274
PHP LibGD CVE-2016-3074 Heap Buffer Overflow Vulnerability cve.report (archive)
text/html
URL Logo BID 87087
Document Display | HPE Support Center h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
libgd 2.1.1 - Signedness Heap Overflow - Linux remote Exploit www.exploit-db.com
Proof of Concept
text/html
URL Logo EXPLOIT-DB 39736
[SECURITY] Fedora 24 Update: gd-2.1.1-7.fc24 lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2016-0c57b12c7b
Full Disclosure: CVE-2016-3074: libgd: signedness vulnerability Exploit
seclists.org
text/html
URL Logo FULLDISC 20160421 CVE-2016-3074: libgd: signedness vulnerability
GD: Multiple vulnerabilities (GLSA 201607-04) — Gentoo security security.gentoo.org
text/html
URL Logo GENTOO GLSA-201607-04
SecurityFocus web.archive.org
text/html
Inactive LinkNot Archived
URL Logo BUGTRAQ 20160421 CVE-2016-3074: libgd: signedness vulnerability
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:2750
Debian -- Security Information -- DSA-3556-1 libgd2 www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3556
The Slackware Linux Project: Slackware Security Advisories www.slackware.com
text/html
URL Logo SLACKWARE SSA:2016-120-02
GD Library Heap Overflow in Processing Files Lets Remote Users Execute Arbitrary Code - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1035659
PHP: Multiple vulnerabilities (GLSA 201611-22) — Gentoo security security.gentoo.org
text/html
URL Logo GENTOO GLSA-201611-22

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
ApplicationLibgdLibgd2.1.1AllAllAll
ApplicationLibgdLibgd2.1.1AllAllAll
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:libgd:libgd:2.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:libgd:libgd:2.1.1:*:*:*:*:*:*:*: