Lucene search

K
nvd[email protected]NVD:CVE-2016-5766
HistoryAug 07, 2016 - 10:59 a.m.

CVE-2016-5766

2016-08-0710:59:13
CWE-190
web.nvd.nist.gov
7
integer overflow
gd graphics library
php 5.5.37
php 5.6.23
php 7.0.8
heap-based buffer overflow

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.242

Percentile

96.6%

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

Affected configurations

Nvd
Node
redhatopenshiftMatch2.0enterprise
Node
freebsdfreebsdMatch8.3
Node
redhatenterprise_linuxMatch6.0
Node
freebsdfreebsdMatch8.0
Node
redhatenterprise_linuxMatch5
Node
libgdlibgdMatch2.2.2
AND
phpphpRange≤5.5.36
OR
phpphpMatch5.6.0alpha1
OR
phpphpMatch5.6.0alpha2
OR
phpphpMatch5.6.0alpha3
OR
phpphpMatch5.6.0alpha4
OR
phpphpMatch5.6.0alpha5
OR
phpphpMatch5.6.0beta1
OR
phpphpMatch5.6.0beta2
OR
phpphpMatch5.6.0beta3
OR
phpphpMatch5.6.0beta4
OR
phpphpMatch5.6.1
OR
phpphpMatch5.6.2
OR
phpphpMatch5.6.3
OR
phpphpMatch5.6.4
OR
phpphpMatch5.6.5
OR
phpphpMatch5.6.6
OR
phpphpMatch5.6.7
OR
phpphpMatch5.6.8
OR
phpphpMatch5.6.9
OR
phpphpMatch5.6.10
OR
phpphpMatch5.6.11
OR
phpphpMatch5.6.12
OR
phpphpMatch5.6.13
OR
phpphpMatch5.6.14
OR
phpphpMatch5.6.15
OR
phpphpMatch5.6.16
OR
phpphpMatch5.6.17
OR
phpphpMatch5.6.18
OR
phpphpMatch5.6.19
OR
phpphpMatch5.6.20
OR
phpphpMatch5.6.21
OR
phpphpMatch5.6.22
OR
phpphpMatch7.0.0
OR
phpphpMatch7.0.1
OR
phpphpMatch7.0.2
OR
phpphpMatch7.0.3
OR
phpphpMatch7.0.4
OR
phpphpMatch7.0.5
OR
phpphpMatch7.0.6
OR
phpphpMatch7.0.7
Node
freebsdfreebsdMatch10.0
Node
fedoraprojectfedoraMatch23
Node
debiandebian_linuxMatch8.0
Node
freebsdfreebsdMatch10.1
Node
fedoraprojectfedoraMatch24
Node
freebsdfreebsdMatch8.4
Node
freebsdfreebsdMatch9.2
Node
freebsdfreebsdMatch8.2
Node
freebsdfreebsdMatch8.1
Node
freebsdfreebsdMatch9.0
Node
freebsdfreebsdMatch10.2
Node
fedoraprojectfedoraMatch22
Node
freebsdfreebsdMatch9.3
Node
redhatenterprise_linuxMatch7.0
Node
freebsdfreebsdMatch10.3
Node
freebsdfreebsdMatch9.1
VendorProductVersionCPE
redhatopenshift2.0cpe:2.3:o:redhat:openshift:2.0:*:enterprise:*:*:*:*:*
freebsdfreebsd8.3cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
freebsdfreebsd8.0cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*
redhatenterprise_linux5cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
libgdlibgd2.2.2cpe:2.3:a:libgd:libgd:2.2.2:*:*:*:*:*:*:*
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
Rows per page:
1-10 of 621

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.242

Percentile

96.6%