Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "2.0"
},
{
"introduced": "0"
},
{
"last_affected": "2.2.2"
}
]
}{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "8.3"
},
{
"introduced": "0"
},
{
"last_affected": "8.0"
},
{
"introduced": "0"
},
{
"last_affected": "8.0"
},
{
"introduced": "0"
},
{
"last_affected": "8.4"
},
{
"introduced": "0"
},
{
"last_affected": "8.2"
},
{
"introduced": "0"
},
{
"last_affected": "8.1"
},
{
"introduced": "0"
},
{
"last_affected": "10.2"
},
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5766.json"
[
{
"source": "https://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-5766-3e6237a7",
"digest": {
"threshold": 0.9,
"line_hashes": [
"183820387990733455444215637150999073887",
"18021834238201414578949441055038262345",
"334593034626459571743002698430345110480",
"26461974233900450150030247144867305325",
"311283463863000022992454365625253102445",
"161485522429828841158027215741124660130",
"296161358142553532313520047422480048852",
"222587787824174595950097709248827618808",
"264774293065332262917206835414693640688"
]
},
"signature_type": "Line",
"target": {
"file": "ext/gd/libgd/gd_gd2.c"
}
},
{
"source": "https://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-5766-a4bb7314",
"digest": {
"length": 2569.0,
"function_hash": "339190344963408527699679556574785110748"
},
"signature_type": "Function",
"target": {
"file": "ext/gd/libgd/gd_gd2.c",
"function": "_gd2GetHeader"
}
}
]
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.1"
}
]
}
]