What is the severity of CVE-2016-5767?

CVE-2016-5767 has a high severity, as it can lead to denial of service through a heap-based buffer overflow.

How do I fix CVE-2016-5767?

To fix CVE-2016-5767, upgrade to PHP versions 7.0.8 or newer, or GD Graphics Library version 2.0.34RC1 or newer.

Which versions of PHP are affected by CVE-2016-5767?

PHP versions below 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 are affected by CVE-2016-5767.

Is there a workaround for CVE-2016-5767?

There are no known effective workarounds for CVE-2016-5767; upgrading to patched versions is recommended.

What type of vulnerability is CVE-2016-5767 classified as?

CVE-2016-5767 is classified as a remote denial of service vulnerability due to integer overflow.

Vulnerability/
CVE-2016-5767

high

8.8

CWE

119 190

7/8/2016

6/8/2024

CVE-2016-5767: Buffer Overflow

First published: Sun Aug 07 2016(Updated: )

Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PHP	<7.0.8	7.0.8
libgd	<=2.0.33
PHP	<=5.5.36
PHP	=5.6.0-alpha1
PHP	=5.6.0-alpha2
PHP	=5.6.0-alpha3
PHP	=5.6.0-alpha4
PHP	=5.6.0-alpha5
PHP	=5.6.0-beta1
PHP	=5.6.0-beta2
PHP	=5.6.0-beta3
PHP	=5.6.0-beta4
PHP	=5.6.1
PHP	=5.6.2
PHP	=5.6.3
PHP	=5.6.4
PHP	=5.6.5
PHP	=5.6.6
PHP	=5.6.7
PHP	=5.6.8
PHP	=5.6.9
PHP	=5.6.10
PHP	=5.6.11
PHP	=5.6.12
PHP	=5.6.13
PHP	=5.6.14
PHP	=5.6.15
PHP	=5.6.16
PHP	=5.6.17
PHP	=5.6.18
PHP	=5.6.19
PHP	=5.6.20
PHP	=5.6.21
PHP	=5.6.22
PHP	=7.0.0
PHP	=7.0.1
PHP	=7.0.2
PHP	=7.0.3
PHP	=7.0.4
PHP	=7.0.5
PHP	=7.0.6
PHP	=7.0.7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-5767?
CVE-2016-5767 has a high severity, as it can lead to denial of service through a heap-based buffer overflow.
How do I fix CVE-2016-5767?
To fix CVE-2016-5767, upgrade to PHP versions 7.0.8 or newer, or GD Graphics Library version 2.0.34RC1 or newer.
Which versions of PHP are affected by CVE-2016-5767?
PHP versions below 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 are affected by CVE-2016-5767.
Is there a workaround for CVE-2016-5767?
There are no known effective workarounds for CVE-2016-5767; upgrading to patched versions is recommended.
What type of vulnerability is CVE-2016-5767 classified as?
CVE-2016-5767 is classified as a remote denial of service vulnerability due to integer overflow.

agent/type
agent/severity
agent/references
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
collector/php-changelog
source/PHP
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-index
vendor/php
canonical/php
vendor/libgd
canonical/libgd
version/libgd/2.0.33
version/php/5.5.36
version/php/5.6.0-alpha1
version/php/5.6.0-alpha2
version/php/5.6.0-alpha3
version/php/5.6.0-alpha4
version/php/5.6.0-alpha5
version/php/5.6.0-beta1
version/php/5.6.0-beta2
version/php/5.6.0-beta3
version/php/5.6.0-beta4
version/php/5.6.1
version/php/5.6.2
version/php/5.6.3
version/php/5.6.4
version/php/5.6.5
version/php/5.6.6
version/php/5.6.7
version/php/5.6.8
version/php/5.6.9
version/php/5.6.10
version/php/5.6.11
version/php/5.6.12
version/php/5.6.13
version/php/5.6.14
version/php/5.6.15
version/php/5.6.16
version/php/5.6.17
version/php/5.6.18
version/php/5.6.19
version/php/5.6.20
version/php/5.6.21
version/php/5.6.22
version/php/7.0.0
version/php/7.0.1
version/php/7.0.2
version/php/7.0.3
version/php/7.0.4
version/php/7.0.5
version/php/7.0.6
version/php/7.0.7