High severity7.8NVD Advisory· Published Mar 15, 2017· Updated May 13, 2026

CVE-2016-10168

Description

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

Affected products

Libgd/Libgd
cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*
Range: <=2.2.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2017/01/26/1nvdMailing ListPatchThird Party Advisory
www.openwall.com/lists/oss-security/2017/01/28/6nvdMailing ListPatchThird Party Advisory
github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6nvdIssue TrackingPatchThird Party Advisory
github.com/libgd/libgd/issues/354nvdIssue TrackingPatchThird Party Advisory
libgd.github.io/release-2.2.4.htmlnvdVendor Advisory
www.securityfocus.com/bid/95869nvdThird Party AdvisoryVDB Entry
www.debian.org/security/2017/dsa-3777nvd
www.securitytracker.com/id/1037659nvd
access.redhat.com/errata/RHSA-2017:3221nvd
access.redhat.com/errata/RHSA-2018:1296nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000