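The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. The signatures below all cite the same upstream libgd commit as their source and target two files, not only the function named above: src/gd_io_dp.c (dynamicGetbuf) and src/gd_tiff.c (createFromTiffRgba).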
[
{
"signature_version": "v1",
"id": "CVE-2016-6911-1d41f52b",
"source": "https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "src/gd_tiff.c",
"function": "createFromTiffRgba"
},
"digest": {
"function_hash": "243521294658306343916129007328175124823",
"length": 736.0
}
},
{
"signature_version": "v1",
"id": "CVE-2016-6911-3c9d5f7b",
"source": "https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/gd_tiff.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"302276016543215858653877778009713530354",
"13455885363820143604871457319934368395",
"183834353088520194114113814617482493833",
"67713296539483513808535468205446763404",
"226777703373263504429618803239687544287",
"217808704602626426821386411462298446926",
"131506312562035270890776141939719606472",
"154484923779217233892676667613345838946",
"257272419617703692796463588766278850469",
"282851622350716209326674316345405171431",
"298947769286978432309066078178472878393",
"282431242015797273047242031756341625872",
"26204269596150467919520423331056159017",
"290880021847565619423291360926600057955",
"231949036220121703014684570531010375016",
"126883458774049413660788293557227155494",
"53262969221578858500973573257275501782",
"15393262755005942988110036472065813717"
]
}
},
{
"signature_version": "v1",
"id": "CVE-2016-6911-75674dbe",
"source": "https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/gd_io_dp.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"51705874965360408895113973707220570798",
"338490049937993592134511052328150713676",
"198670533405584592456930307949755701390",
"184289285682504290365505367894561045662",
"312635667455914412941394297507631977459",
"164912364801540328250245857455151056404",
"14528537629477714123104826112842305275",
"174229576911298954313958189567804101011",
"325833405717297570262963559864233221923",
"317610442461629431391937423399079119428",
"120502324777701742226354058733936885617",
"241736327363884881656391957885907719249",
"285973232702347830150094530819225094026",
"101632286035458322189832322367820274795",
"39869547321120853841394121441751628056"
]
}
},
{
"signature_version": "v1",
"id": "CVE-2016-6911-ebb30b67",
"source": "https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "src/gd_io_dp.c",
"function": "dynamicGetbuf"
},
"digest": {
"function_hash": "153318254224435095221987322236657302014",
"length": 403.0
}
}
]