Description

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

Remediation

References

CVE-2016-3074

Related Vulnerabilities

WordPress Plugin Peter's Math Anti-Spam Audio CAPTCHA Security Bypass (0.1.6)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5304)

Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7)

WordPress Plugin Auto Publish for Google My Business Cross-Site Scripting (3.3)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0553)

Severity

Critical

Classification

CVE-2016-3074 CWE-681 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities