QwikSec

Security Database

CVE

CWE

Training

CVE-2016-3074

Published: Apr 26, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

20160421 CVE-2016-3074: libgd: signedness vulnerability

mailing-list

x_refsource_FULLDISC

vendor-advisory

x_refsource_DEBIAN

FEDORA-2016-0c57b12c7b

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_UBUNTU

SSA:2016-120-02

vendor-advisory

x_refsource_SLACKWARE

http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html

x_refsource_MISC

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

x_refsource_CONFIRM

20160421 CVE-2016-3074: libgd: signedness vulnerability

mailing-list

x_refsource_BUGTRAQ

FEDORA-2016-5f91f43826

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2016:1274

vendor-advisory

x_refsource_SUSE

https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.