5.5

CVE-2016-10167

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibgdLibgd Version <= 2.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.74% 0.884
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.tenable.com/security/tns-2017-04
https://access.redhat.com/errata/RHSA-2018:1296
http://www.securitytracker.com/id/1037659
http://www.debian.org/security/2017/dsa-3777
http://libgd.github.io/release-2.2.4.html
Vendor Advisory
Release Notes
http://www.openwall.com/lists/oss-security/2017/01/26/1
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2017/01/28/6
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/95869
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:3221
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
Patch
Third Party Advisory
Issue Tracking