CVE-2016-6132 - OpenCVE

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Libgd	Libgd
Opensuse	Leap

Configuration 1 [-]

OR	cpe:2.3:a:libgd:libgd::::::::
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:opensuse:leap:42.1:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html
http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html
http://www.debian.org/security/2016/dsa-3619
http://www.openwall.com/lists/oss-security/2016/06/30/10
http://www.openwall.com/lists/oss-security/2016/06/30/6
http://www.securityfocus.com/bid/91520
http://www.ubuntu.com/usn/USN-3060-1
https://github.com/libgd/libgd/issues/247
https://libgd.github.io/release-2.2.3.html
https://nvd.nist.gov/vuln/detail/CVE-2016-6132
https://security.gentoo.org/glsa/201612-09
https://www.cve.org/CVERecord?id=CVE-2016-6132

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-08-12T15:00:00

Updated: 2024-08-06T01:22:20.312Z

Reserved: 2016-06-30T00:00:00

Link: CVE-2016-6132

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-08-12T15:59:00.130

Modified: 2018-10-30T16:27:32.030

Link: CVE-2016-6132

Redhat

Severity : Low

Publid Date: 2016-06-30T00:00:00Z

Links: CVE-2016-6132 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2016:2117", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://libgd.github.io/release-2.2.3.html"}, {"name": "[oss-security] 20160630 CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"}, {"name": "openSUSE-SU-2016:2363", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"name": "USN-3060-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3060-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/issues/247"}, {"name": "GLSA-201612-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201612-09"}, {"name": "91520", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91520"}, {"name": "[oss-security] 20160630 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"}, {"name": "DSA-3619", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3619"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6132", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2016:2117", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"}, {"name": "https://libgd.github.io/release-2.2.3.html", "refsource": "CONFIRM", "url": "https://libgd.github.io/release-2.2.3.html"}, {"name": "[oss-security] 20160630 CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"}, {"name": "openSUSE-SU-2016:2363", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"name": "USN-3060-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3060-1"}, {"name": "https://github.com/libgd/libgd/issues/247", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/issues/247"}, {"name": "GLSA-201612-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-09"}, {"name": "91520", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91520"}, {"name": "[oss-security] 20160630 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"}, {"name": "DSA-3619", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3619"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:22:20.312Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2016:2117", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://libgd.github.io/release-2.2.3.html"}, {"name": "[oss-security] 20160630 CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"}, {"name": "openSUSE-SU-2016:2363", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"name": "USN-3060-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3060-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/issues/247"}, {"name": "GLSA-201612-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201612-09"}, {"name": "91520", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91520"}, {"name": "[oss-security] 20160630 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"}, {"name": "DSA-3619", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3619"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6132", "datePublished": "2016-08-12T15:00:00", "dateReserved": "2016-06-30T00:00:00", "dateUpdated": "2024-08-06T01:22:20.312Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*", "matchCriteriaId": "CABE614C-FFD3-4B02-B5DF-658185F8D874", "versionEndIncluding": "2.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."}, {"lang": "es", "value": "La funci\u00f3n gdImageCreateFromTgaCtx en GD Graphics Library (tambi\u00e9n conocida como libgd) en versiones anteriores a 2.2.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo TGA manipulado."}], "id": "CVE-2016-6132", "lastModified": "2018-10-30T16:27:32.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-12T15:59:00.130", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3619"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91520"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3060-1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/issues/247"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://libgd.github.io/release-2.2.3.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-09"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "gd: Buffer over-read issue when parsing crafted TGA file", "id": "1352544", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1352544"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "draft"}, "cvss3": {"cvss3_base_score": "4.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-130->CWE-125", "details": ["The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."], "name": "CVE-2016-6132", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "php54-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "php55-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-php56-php", "product_name": "Red Hat Software Collections"}], "public_date": "2016-06-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6132\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6132"], "threat_severity": "Low"}