CVE-2016-8670 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Affected Products (NVD)

Vendor	Product	Version
libgd	libgd	𝑥 ≤ 2.2.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libgd2

bookworm	2.3.3-9 fixed
bullseye	2.3.0-2 fixed
sid	2.3.3-12 fixed
trixie	2.3.3-12 fixed

Ubuntu Releases

Ubuntu Product

Codename

libgd2

precise	Fixed 2.0.36~rc1~dfsg-6ubuntu2.3 released
trusty	Fixed 2.1.0-3ubuntu0.5 released
xenial	Fixed 2.1.1-4ubuntu0.16.04.5 released
yakkety	Fixed 2.2.1-1ubuntu3.2 released

php5

precise	not-affected
trusty	not-affected
xenial	dne
yakkety	dne

php7.0

precise	dne
trusty	dne
xenial	not-affected
yakkety	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.debian.org/security/2016/dsa-3693

http://www.openwall.com/lists/oss-security/2016/10/15/1

http://www.php.net/ChangeLog-5.php

http://www.php.net/ChangeLog-7.php

http://www.securityfocus.com/bid/93594

https://bugs.php.net/bug.php?id=73280

https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9

https://support.f5.com/csp/article/K21336065?utm_source=f5support&amp%3Butm_medium=RSS

http://www.debian.org/security/2016/dsa-3693

http://www.openwall.com/lists/oss-security/2016/10/15/1

http://www.php.net/ChangeLog-5.php

http://www.php.net/ChangeLog-7.php

http://www.securityfocus.com/bid/93594

https://bugs.php.net/bug.php?id=73280

https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9

https://support.f5.com/csp/article/K21336065?utm_source=f5support&amp%3Butm_medium=RSS