CVE-2016-10166
Advisory lineage Upstream: 0 Downstream: 13
Modified
Published: 15 Mar 2017, 15:00
Last modified: 06 Aug 2024, 03:14
Vulnerability Summary
Overall Risk (default): high (70/100)
CVSS Score: 9.8 CRITICAL, v3.0 (nvd)
EPSS Score: 6.87% LOW (7% probability, -1.46%)
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
15 Mar 2017, 15:00
Published
Vulnerability first disclosed
06 Aug 2024, 03:14
Last Modified
Vulnerability information updated
Description
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
CVSS Metrics
- v3.0 • CRITICAL • Score: 9.8 • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0 • HIGH • Score: 7.5 • AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 6.87% • Percentile: 92%
Techniques & Countermeasures
- CWE-191 • Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Affected Systems
- libgd • libgd ≤ 2.2.3
References (8)
- http://www.openwall.com/lists/oss-security/2017/01/26/1
- http://www.openwall.com/lists/oss-security/2017/01/28/6
- http://libgd.github.io/release-2.2.4.html
- https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
- http://www.debian.org/security/2017/dsa-3777
- http://www.securityfocus.com/bid/95869
- https://access.redhat.com/errata/RHSA-2019:2519
- https://access.redhat.com/errata/RHSA-2019:3299