CVE-2016-6161

Published on: 08/12/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:10 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

  • CVE-2016-6161 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.5 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE NONE HIGH

CVSS2 Score: 4.3 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE NONE PARTIAL

CVE References

Description Tags Link
global out of bounds read when encoding gif from malformed input with gd2togif · Issue #209 · libgd/libgd · GitHub Third Party Advisory
github.com
text/html
URL Logo CONFIRM github.com/libgd/libgd/issues/209
oss-security - CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif Mailing List
Third Party Advisory
www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160705 CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif
USN-3030-1: GD library vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-3030-1
openSUSE-SU-2016:2117-1: moderate: Security update for gd lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:2117
oss-security - Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif Mailing List
Third Party Advisory
www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160705 Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif
Debian -- Security Information -- DSA-3619-1 libgd2 Third Party Advisory
www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3619
openSUSE-SU-2016:2363-1: moderate: Security update for gd Third Party Advisory
lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:2363

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
ApplicationLibgdLibgdAllAllAllAll
Operating
System
OpensuseLeap42.1AllAllAll
Operating
System
OpensuseLeap42.1AllAllAll
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*: