High severity 8.8 · NVD Advisory · Published Aug 7, 2016 · Updated May 6, 2026
CVE-2016-5766
Description
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
Patches
0 · No patches discovered yet.
References (15)
- github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac (nvd: Exploit, Patch)
- bugs.php.net/bug.php (nvd: Exploit, Patch, Vendor Advisory)
- www.debian.org/security/2016/dsa-3619 (nvd: Third Party Advisory)
- php.net/ChangeLog-5.php (nvd: Release Notes)
- php.net/ChangeLog-7.php (nvd: Release Notes)
- www.openwall.com/lists/oss-security/2016/06/23/4 (nvd: Release Notes)
- libgd.github.io/release-2.2.3.html (nvd: Release Notes)
- lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html (nvd)
- lists.opensuse.org/opensuse-updates/2016-08/msg00003.html (nvd)
- rhn.redhat.com/errata/RHSA-2016-2598.html (nvd)
- rhn.redhat.com/errata/RHSA-2016-2750.html (nvd)
- www.ubuntu.com/usn/USN-3030-1 (nvd)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd)
- security.gentoo.org/glsa/201612-09 (nvd)