Critical severity9.8NVD Advisory· Published Apr 26, 2016· Updated May 6, 2026

CVE-2016-3074

Description

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

Affected products

Libgd/Libgd
cpe:2.3:a:libgd:libgd:2.1.1:*:*:*:*:*:*:*
PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: >=5.5.0,<5.5.35
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19nvdPatchThird Party Advisory
packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.htmlnvdExploitThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2016/Apr/72nvdExploitMailing ListThird Party Advisory
www.exploit-db.com/exploits/39736/nvdExploitThird Party AdvisoryVDB Entry
lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-2750.htmlnvdThird Party Advisory
www.debian.org/security/2016/dsa-3556nvdThird Party Advisory
www.debian.org/security/2016/dsa-3602nvdThird Party Advisory
www.securityfocus.com/archive/1/538160/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/87087nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1035659nvdBroken LinkThird Party AdvisoryVDB Entry
www.slackware.com/security/viewer.phpnvdThird Party Advisory
www.ubuntu.com/usn/USN-2987-1nvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
security.gentoo.org/glsa/201607-04nvdThird Party Advisory
security.gentoo.org/glsa/201611-22nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.048
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000