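CVE-2016-5116: gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. The signatures below target gdImageXbmCtx and gdCtxPrintf in src/gd_xbm.c and cite libgd commit 4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 as their source; a match should be read as a sign that this fix may be missing and then confirmed against the actual source, since the Line signature matches at a 0.9 threshold rather than exactly.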
{ "vanir_signatures": [ { "deprecated": false, "target": { "function": "gdImageXbmCtx", "file": "src/gd_xbm.c" }, "source": "https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4", "signature_type": "Function", "id": "CVE-2016-5116-2c83dd3e", "signature_version": "v1", "digest": { "function_hash": "159732849098274341352919018137382865240", "length": 1437.0 } }, { "deprecated": false, "target": { "file": "src/gd_xbm.c" }, "source": "https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4", "signature_type": "Line", "id": "CVE-2016-5116-41870929", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "45446309610186637121537505383792093410", "265905027050232767493273108757908362247", "33880144858283707541817879245031416904", "218305928582978842128241372718436549115", "256244119785605007248422930174615791543", "253758725510508772508363173779679192748", "68483349420796518696459711596542909788", "74395346714304077413397129009478721316", "159233106803560269695689526086168933696", "122476412516029492119399838354455694923", "147202700807701675432947523147302272779", "165541713406580544154107895245655823908", "318612835839705280670649476684004771066", "16883678198067729595338841462367864144", "165654997791556511415724280720000445993", "146954115355138684746230718289110638235", "168041509013837465422342443672834825193", "202242598604278395000708774946506096569", "171800542763170613578730856458574116284", "52214021197683462104019989292556730579", "39446760264591832102619175847381075691" ] } }, { "deprecated": false, "target": { "function": "gdCtxPrintf", "file": "src/gd_xbm.c" }, "source": "https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4", "signature_type": "Function", "id": "CVE-2016-5116-8cf1ef89", "signature_version": "v1", "digest": { "function_hash": "38154755681792414440026108603311973871", "length": 262.0 } } ] }