5.5
CVE-2016-10167
- EPSS 3.74%
- Veröffentlicht 15.03.2017 15:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.74% | 0.884 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.tenable.com/security/tns-2017-04
https://access.redhat.com/errata/RHSA-2018:1296
http://www.securitytracker.com/id/1037659
http://www.debian.org/security/2017/dsa-3777
http://libgd.github.io/release-2.2.4.html
http://www.openwall.com/lists/oss-security/2017/01/26/1
http://www.openwall.com/lists/oss-security/2017/01/28/6
http://www.securityfocus.com/bid/95869
https://access.redhat.com/errata/RHSA-2017:3221
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f