CVE-2016-10168

HIGH7.8EPSS 0.61%

Published: 3/15/2017Modified: 4/28/2026

Description

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

Affected packages (2)

Alpine/gdfrom 0, < 2.2.4-r0
Debian/libgd2from 0, < 2.2.4-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-10168
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-10168