Vulnerability-Lookup

CVE-2016-6207 (GCVE-0-2016-6207)

Vulnerability from cvelistv5 – Published: 2016-08-12 15:00 – Updated: 2024-08-06 01:22

Summary

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/92080	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	https://libgd.github.io/release-2.2.3.html	x_refsource_CONFIRM
	https://bugs.php.net/bug.php?id=72558	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2750.html	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/archive/1/539100/100…	mailing-listx_refsource_BUGTRAQ
	http://www.ubuntu.com/usn/USN-3060-1	vendor-advisoryx_refsource_UBUNTU
	http://www.debian.org/security/2016/dsa-3630	vendor-advisoryx_refsource_DEBIAN
	http://www.securitytracker.com/id/1036535	vdb-entryx_refsource_SECTRACK
	https://security.gentoo.org/glsa/201612-09	vendor-advisoryx_refsource_GENTOO
	https://secunia.com/secunia_research/2016-9/	x_refsource_MISC
	http://packetstormsecurity.com/files/138174/LibGD…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.735Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92080",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92080"
          },
          {
            "name": "openSUSE-SU-2016:2117",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://libgd.github.io/release-2.2.3.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=72558"
          },
          {
            "name": "openSUSE-SU-2016:2363",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
          },
          {
            "name": "RHSA-2016:2750",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
          },
          {
            "name": "20160803 Secunia Research: LibGD \"_gdContributionsAlloc()\" Integer Overflow Denial of Service Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/539100/100/0/threaded"
          },
          {
            "name": "USN-3060-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3060-1"
          },
          {
            "name": "DSA-3630",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3630"
          },
          {
            "name": "1036535",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036535"
          },
          {
            "name": "GLSA-201612-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-09"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secunia.com/secunia_research/2016-9/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "92080",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92080"
        },
        {
          "name": "openSUSE-SU-2016:2117",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://libgd.github.io/release-2.2.3.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=72558"
        },
        {
          "name": "openSUSE-SU-2016:2363",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
        },
        {
          "name": "RHSA-2016:2750",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
        },
        {
          "name": "20160803 Secunia Research: LibGD \"_gdContributionsAlloc()\" Integer Overflow Denial of Service Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/539100/100/0/threaded"
        },
        {
          "name": "USN-3060-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3060-1"
        },
        {
          "name": "DSA-3630",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3630"
        },
        {
          "name": "1036535",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036535"
        },
        {
          "name": "GLSA-201612-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-09"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secunia.com/secunia_research/2016-9/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6207",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92080",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92080"
            },
            {
              "name": "openSUSE-SU-2016:2117",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
            },
            {
              "name": "https://libgd.github.io/release-2.2.3.html",
              "refsource": "CONFIRM",
              "url": "https://libgd.github.io/release-2.2.3.html"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=72558",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=72558"
            },
            {
              "name": "openSUSE-SU-2016:2363",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
            },
            {
              "name": "RHSA-2016:2750",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
            },
            {
              "name": "20160803 Secunia Research: LibGD \"_gdContributionsAlloc()\" Integer Overflow Denial of Service Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/539100/100/0/threaded"
            },
            {
              "name": "USN-3060-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3060-1"
            },
            {
              "name": "DSA-3630",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3630"
            },
            {
              "name": "1036535",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036535"
            },
            {
              "name": "GLSA-201612-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201612-09"
            },
            {
              "name": "https://secunia.com/secunia_research/2016-9/",
              "refsource": "MISC",
              "url": "https://secunia.com/secunia_research/2016-9/"
            },
            {
              "name": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6207",
    "datePublished": "2016-08-12T15:00:00.000Z",
    "dateReserved": "2016-07-13T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:22:20.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-JX7W-46CH-JMCQ

Vulnerability from github – Published: 2022-05-14 02:12 – Updated: 2025-04-12 13:03

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-08-12T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.",
  "id": "GHSA-jx7w-46ch-jmcq",
  "modified": "2025-04-12T13:03:31Z",
  "published": "2022-05-14T02:12:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6207"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=72558"
    },
    {
      "type": "WEB",
      "url": "https://libgd.github.io/release-2.2.3.html"
    },
    {
      "type": "WEB",
      "url": "https://secunia.com/secunia_research/2016-9"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201612-09"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3630"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/539100/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92080"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036535"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3060-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-6207

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6207

Aliases

CVE-2016-6207

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6207",
    "description": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.",
    "id": "GSD-2016-6207",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-6207.html",
      "https://www.debian.org/security/2016/dsa-3630",
      "https://access.redhat.com/errata/RHSA-2016:2750",
      "https://ubuntu.com/security/CVE-2016-6207",
      "https://advisories.mageia.org/CVE-2016-6207.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6207"
      ],
      "details": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.",
      "id": "GSD-2016-6207",
      "modified": "2023-12-13T01:21:23.122514Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-6207",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "92080",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/92080"
          },
          {
            "name": "openSUSE-SU-2016:2117",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
          },
          {
            "name": "https://libgd.github.io/release-2.2.3.html",
            "refsource": "CONFIRM",
            "url": "https://libgd.github.io/release-2.2.3.html"
          },
          {
            "name": "https://bugs.php.net/bug.php?id=72558",
            "refsource": "CONFIRM",
            "url": "https://bugs.php.net/bug.php?id=72558"
          },
          {
            "name": "openSUSE-SU-2016:2363",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
          },
          {
            "name": "RHSA-2016:2750",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
          },
          {
            "name": "20160803 Secunia Research: LibGD \"_gdContributionsAlloc()\" Integer Overflow Denial of Service Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/539100/100/0/threaded"
          },
          {
            "name": "USN-3060-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-3060-1"
          },
          {
            "name": "DSA-3630",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2016/dsa-3630"
          },
          {
            "name": "1036535",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036535"
          },
          {
            "name": "GLSA-201612-09",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201612-09"
          },
          {
            "name": "https://secunia.com/secunia_research/2016-9/",
            "refsource": "MISC",
            "url": "https://secunia.com/secunia_research/2016-9/"
          },
          {
            "name": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.2.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.9",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.24",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.38",
                "versionStartIncluding": "5.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6207"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                },
                {
                  "lang": "en",
                  "value": "CWE-787"
                },
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://secunia.com/secunia_research/2016-9/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://secunia.com/secunia_research/2016-9/"
            },
            {
              "name": "https://libgd.github.io/release-2.2.3.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://libgd.github.io/release-2.2.3.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html"
            },
            {
              "name": "1036535",
              "refsource": "SECTRACK",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1036535"
            },
            {
              "name": "DSA-3630",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3630"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=72558",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugs.php.net/bug.php?id=72558"
            },
            {
              "name": "openSUSE-SU-2016:2363",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2016:2117",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
            },
            {
              "name": "USN-3060-1",
              "refsource": "UBUNTU",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3060-1"
            },
            {
              "name": "92080",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/92080"
            },
            {
              "name": "GLSA-201612-09",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201612-09"
            },
            {
              "name": "RHSA-2016:2750",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
            },
            {
              "name": "20160803 Secunia Research: LibGD \"_gdContributionsAlloc()\" Integer Overflow Denial of Service Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/539100/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-08-29T20:04Z",
      "publishedDate": "2016-08-12T15:59Z"
    }
  }
}

CNVD-2016-06004

Vulnerability from cnvd - Published: 2016-08-04

Title

libgd2整数溢出漏洞

Description

libgd2（又名GD Graphics Library或libgd）是美国软件开发者Thomas Boutell所研发的一个开源的用于动态创建图像的库。 libgd2文件中的‘_gdContributionsAlloc()’函数存在整数溢出漏洞，远程攻击者可利用该漏洞对使用libgd2文件库的应用程序造成拒绝服务。

Severity

中

Patch Name

libgd2整数溢出漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://libgd.github.io/

Reference

https://www.debian.org/security/2016/dsa-3630

Impacted products

Name
libgd2 libgd2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6207"
    }
  },
  "description": "libgd2\uff08\u53c8\u540dGD Graphics Library\u6216libgd\uff09\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005Thomas Boutell\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u7528\u4e8e\u52a8\u6001\u521b\u5efa\u56fe\u50cf\u7684\u5e93\u3002\r\n\r\nlibgd2\u6587\u4ef6\u4e2d\u7684\u0026lsquo;_gdContributionsAlloc()\u0026rsquo;\u51fd\u6570\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u4f7f\u7528libgd2\u6587\u4ef6\u5e93\u7684\u5e94\u7528\u7a0b\u5e8f\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://libgd.github.io/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-06004",
  "openTime": "2016-08-04",
  "patchDescription": "libgd2\uff08\u53c8\u540dGD Graphics Library\u6216libgd\uff09\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005Thomas Boutell\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u7528\u4e8e\u52a8\u6001\u521b\u5efa\u56fe\u50cf\u7684\u5e93\u3002\r\n\r\nlibgd2\u6587\u4ef6\u4e2d\u7684\u0026lsquo;_gdContributionsAlloc()\u0026rsquo;\u51fd\u6570\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u4f7f\u7528libgd2\u6587\u4ef6\u5e93\u7684\u5e94\u7528\u7a0b\u5e8f\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "libgd2\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "libgd2 libgd2"
  },
  "referenceLink": "https://www.debian.org/security/2016/dsa-3630",
  "serverity": "\u4e2d",
  "submitTime": "2016-08-04",
  "title": "libgd2\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

CERTFR-2017-AVI-237

Vulnerability from certfr_avis - Published: 2017-07-27 - Updated: 2017-07-27

De multiples vulnérabilités ont été corrigées dans Fortinet FortiOS et FortiAnalyzer. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions antérieures à 5.6.0
Fortinet	FortiOS	FortiOS versions antérieures à 5.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 5.4.3

References

Title

Publication Time

FKIE_CVE-2016-6207

Vulnerability from fkie_nvd - Published: 2016-08-12 15:59 - Updated: 2025-04-12 10:46

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html	Mailing List, Third Party Advisory
cve@mitre.org	http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2016-2750.html	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2016/dsa-3630	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/539100/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/92080	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1036535	Patch, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.ubuntu.com/usn/USN-3060-1	Mailing List, Third Party Advisory
cve@mitre.org	https://bugs.php.net/bug.php?id=72558	Issue Tracking, Vendor Advisory
cve@mitre.org	https://libgd.github.io/release-2.2.3.html	Vendor Advisory
cve@mitre.org	https://secunia.com/secunia_research/2016-9/	Third Party Advisory, VDB Entry
cve@mitre.org	https://security.gentoo.org/glsa/201612-09	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2016-2750.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3630	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/539100/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92080	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036535	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-3060-1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=72558	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://libgd.github.io/release-2.2.3.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://secunia.com/secunia_research/2016-9/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201612-09	Third Party Advisory

Impacted products

Vendor	Product	Version
libgd	libgd	*
debian	debian_linux	8.0
opensuse	leap	42.1
php	php	*
php	php	*
php	php	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CABE614C-FFD3-4B02-B5DF-658185F8D874",
              "versionEndIncluding": "2.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F79D472-7AF7-4954-8C63-7C063613ADC6",
              "versionEndExcluding": "5.5.38",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE57AD0E-537B-4A24-B296-589BFD241DD7",
              "versionEndExcluding": "5.6.24",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03A748C-D25C-4E3F-B636-F6E45A9A92CC",
              "versionEndExcluding": "7.0.9",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en la funci\u00f3n _gdContributionsAlloc en gd_interpolation.c en GD Graphics Library (tambi\u00e9n conocida como libgd) en versiones anteriores a 2.2.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (escritura de memoria fuera de l\u00edmites o consumo de memoria) a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-6207",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-12T15:59:03.730",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3630"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/539100/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92080"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036535"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3060-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=72558"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://libgd.github.io/release-2.2.3.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://secunia.com/secunia_research/2016-9/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201612-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/539100/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3060-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=72558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://libgd.github.io/release-2.2.3.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://secunia.com/secunia_research/2016-9/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201612-09"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6207 (GCVE-0-2016-6207)

GHSA-JX7W-46CH-JMCQ

GSD-2016-6207

CNVD-2016-06004

CERTFR-2017-AVI-237

Solution

FKIE_CVE-2016-6207

Tags

Sightings

Nomenclature