CVE-2016-5766
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-5766
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5766.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-5766
- Downstream
- Related
- Published
- 2016-08-07T10:59:13Z
- Modified
- 2025-10-18T08:43:56.736129Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Integer overflow in the gd2GetHeader function in gdgd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
- References
-
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://rhn.redhat.com/errata/RHSA-2016-2598.html
- http://rhn.redhat.com/errata/RHSA-2016-2750.html
- http://www.debian.org/security/2016/dsa-3619
- http://www.openwall.com/lists/oss-security/2016/06/23/4
- http://www.ubuntu.com/usn/USN-3030-1
- https://bugs.php.net/bug.php?id=72339
- https://libgd.github.io/release-2.2.3.html
- https://security.gentoo.org/glsa/201612-09
- http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
Affected packages
Git / github.com/libgd/libgd
Git / github.com/libgd/libgd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
NEWS
NEWS-cvs2svn
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
Database specific
vanir_signatures
[
{
"source": "https://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac",
"deprecated": false,
"digest": {
"line_hashes": [
"183820387990733455444215637150999073887",
"18021834238201414578949441055038262345",
"334593034626459571743002698430345110480",
"26461974233900450150030247144867305325",
"311283463863000022992454365625253102445",
"161485522429828841158027215741124660130",
"296161358142553532313520047422480048852",
"222587787824174595950097709248827618808",
"264774293065332262917206835414693640688"
],
"threshold": 0.9
},
"target": {
"file": "ext/gd/libgd/gd_gd2.c"
},
"id": "CVE-2016-5766-3e6237a7",
"signature_type": "Line",
"signature_version": "v1"
},
{
"source": "https://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac",
"deprecated": false,
"digest": {
"function_hash": "339190344963408527699679556574785110748",
"length": 2569.0
},
"target": {
"file": "ext/gd/libgd/gd_gd2.c",
"function": "_gd2GetHeader"
},
"id": "CVE-2016-5766-a4bb7314",
"signature_type": "Function",
"signature_version": "v1"
}
]