Lucene search

K

PRIOn knowledge basePRION:CVE-2016-3074

HistoryApr 26, 2016 - 2:59 p.m.

Integer overflow

2016-04-2614:59:00

PRIOn knowledge base

www.prio-n.com

5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.487 Medium

EPSS

Percentile

97.4%

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

CPENameOperatorVersion
ubuntu_linuxeq15.10
ubuntu_linuxeq14.04
ubuntu_linuxeq16.04
ubuntu_linuxeq12.04
debian_linuxeq8.0
debian_linuxeq7.0
fedoraeq24
fedoraeq23
libgdeq2.1.1
opensuseeq13.2

Rows per page:

1-10 of 161

References

lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html

packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html

rhn.redhat.com/errata/RHSA-2016-2750.html

seclists.org/fulldisclosure/2016/Apr/72

www.debian.org/security/2016/dsa-3556

www.debian.org/security/2016/dsa-3602

www.securityfocus.com/archive/1/538160/100/0/threaded

www.securityfocus.com/bid/87087

www.securitytracker.com/id/1035659

www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127

www.ubuntu.com/usn/USN-2987-1

github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.html

lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.html

security.gentoo.org/glsa/201607-04

security.gentoo.org/glsa/201611-22

www.exploit-db.com/exploits/39736/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.487 Medium

EPSS

Percentile

97.4%