USN-3213-1

Advisory lineage Upstream: 14 Downstream: 0
Published: 28 Feb 2017, 18:31
Last modified:22 Apr 2026, 09:32

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

28 Feb 2017, 18:31
Published
Vulnerability first disclosed
22 Apr 2026, 09:32
Last Modified
Vulnerability information updated

Description

libgd2 vulnerabilities Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166) It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service. (CVE-2016-10167) It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-10168) Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6906) Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6912) It was discovered that the GD library incorrectly handled creating oversized images. If a user or automated system were tricked into creating a specially crafted image, an attacker could cause a denial of service. (CVE-2016-9317) It was discovered that the GD library incorrectly handled filling certain images. If a user or automated system were tricked into filling an image, an attacker could cause a denial of service. (CVE-2016-9933)

Affected Systems

  • ubuntulibgd2

    < 2.1.0-3ubuntu0.6 | < 2.1.1-4ubuntu0.16.04.6

References (8)