CVE-2016-5766
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-5766
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5766.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-5766
- Downstream
- Related
- Published
- 2016-08-07T10:59:13Z
- Modified
- 2025-09-30T02:28:40.474138Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Integer overflow in the gd2GetHeader function in gdgd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
- References
-
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://rhn.redhat.com/errata/RHSA-2016-2598.html
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://www.debian.org/security/2016/dsa-3619
- http://www.openwall.com/lists/oss-security/2016/06/23/4
- http://www.ubuntu.com/usn/USN-3030-1
- https://bugs.php.net/bug.php?id=72339
- https://libgd.github.io/release-2.2.3.html
- https://security.gentoo.org/glsa/201612-09
- http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
Affected packages
Git / github.com/libgd/libgd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libgd/libgd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
GD_1_3_0
GD_1_4_0
GD_1_5_0
GD_1_6_0
GD_1_6_1
GD_1_6_2
GD_1_6_3
GD_1_7_0
GD_1_7_1
GD_1_7_2
GD_1_7_3
GD_1_8_0
GD_1_8_1
GD_1_8_3
GD_1_8_4
GD_2_0_0
GD_2_0_1
GD_2_0_10
GD_2_0_11
GD_2_0_12
GD_2_0_13
GD_2_0_14
GD_2_0_15
GD_2_0_17
GD_2_0_18
GD_2_0_19
GD_2_0_2
GD_2_0_20
GD_2_0_21
GD_2_0_22
GD_2_0_23
GD_2_0_24
GD_2_0_25
GD_2_0_26
GD_2_0_27
GD_2_0_28
GD_2_0_29
GD_2_0_3
GD_2_0_30
GD_2_0_31
GD_2_0_32
GD_2_0_33
GD_2_0_34RC1
GD_2_0_4
GD_2_0_5
GD_2_0_6
GD_2_0_7
GD_2_0_8
GD_2_0_9
NEWS
NEWS-cvs2svn
gd-2.*
gd-2.1.0
gd-2.1.0-alpha1
gd-2.1.0-rc1
gd-2.1.0-rc2
gd-2.1.1
gd-2.2.0
gd-2.2.1
gd-2.2.2
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
Database specific
{
"vanir_signatures": [
{
"deprecated": false,
"source": "https://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac",
"target": {
"file": "ext/gd/libgd/gd_gd2.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"183820387990733455444215637150999073887",
"18021834238201414578949441055038262345",
"334593034626459571743002698430345110480",
"26461974233900450150030247144867305325",
"311283463863000022992454365625253102445",
"161485522429828841158027215741124660130",
"296161358142553532313520047422480048852",
"222587787824174595950097709248827618808",
"264774293065332262917206835414693640688"
]
},
"id": "CVE-2016-5766-3e6237a7",
"signature_version": "v1",
"signature_type": "Line"
},
{
"deprecated": false,
"source": "https://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac",
"target": {
"function": "_gd2GetHeader",
"file": "ext/gd/libgd/gd_gd2.c"
},
"digest": {
"function_hash": "339190344963408527699679556574785110748",
"length": 2569.0
},
"id": "CVE-2016-5766-a4bb7314",
"signature_version": "v1",
"signature_type": "Function"
}
]
}