{"id":"CVE-2016-10166","details":"Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.","modified":"2026-02-21T00:35:13.883495Z","published":"2017-03-15T15:59:00.267Z","related":["MGASA-2017-0055","SUSE-SU-2017:0468-1","SUSE-SU-2017:0534-1","SUSE-SU-2017:0556-1","SUSE-SU-2017:0568-1","openSUSE-SU-2024:10777-1"],"references":[{"type":"ADVISORY","url":"http://libgd.github.io/release-2.2.4.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3777"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/01/26/1"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/01/28/6"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95869"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2519"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3299"},{"type":"ADVISORY","url":"https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35"},{"type":"REPORT","url":"https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/26/1"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/01/28/6"},{"type":"FIX","url":"https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/01/26/1"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/01/28/6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libgd/libgd","events":[{"introduced":"0"},{"fixed":"60bfb401ad5a4a8ae995dcd36372fe15c71e1a35"}]}],"versions":["GD_1_3_0","GD_1_4_0","GD_1_5_0","GD_1_6_0","GD_1_6_1","GD_1_6_2","GD_1_6_3","GD_1_7_0","GD_1_7_1","GD_1_7_2","GD_1_7_3","GD_1_8_0","GD_1_8_1","GD_1_8_3","GD_1_8_4","GD_2_0_0","GD_2_0_1","GD_2_0_10","GD_2_0_11","GD_2_0_12","GD_2_0_13","GD_2_0_14","GD_2_0_15","GD_2_0_17","GD_2_0_18","GD_2_0_19","GD_2_0_2","GD_2_0_20","GD_2_0_21","GD_2_0_22","GD_2_0_23","GD_2_0_24","GD_2_0_25","GD_2_0_26","GD_2_0_27","GD_2_0_28","GD_2_0_29","GD_2_0_3","GD_2_0_30","GD_2_0_31","GD_2_0_32","GD_2_0_33","GD_2_0_34RC1","GD_2_0_4","GD_2_0_5","GD_2_0_6","GD_2_0_7","GD_2_0_8","GD_2_0_9","gd-2.1.0","gd-2.1.0-alpha1","gd-2.1.0-rc1","gd-2.1.0-rc2","gd-2.1.1","gd-2.2.0","gd-2.2.1"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","deprecated":false,"id":"CVE-2016-10166-115cc99f","target":{"file":"src/gd_interpolation.c"},"source":"https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["319114839335506718010440031313640369840","70936575597508772177554749344894942985","313669099802809286542431755493638161400","186363153775871792765299658151347722393","32203206597848084205807765364102706806","267143131197922115299898535784011139230","106818626055993740494809877607987141742","7408849888522485282287847053060327510","231759641975994305501777434971180538940","255168206647141181002041976077373425808","247015185942616675200271810803812081175","94177551652147711107171311008886191460","151957346075835334428301729900744769196","331610226500052594165792238958007599404","38117480354834990187606146596380211628","150536331090372101041036861751268750920"]}},{"signature_type":"Function","deprecated":false,"id":"CVE-2016-10166-14c374ce","target":{"file":"src/gd_interpolation.c","function":"_gdContributionsAlloc"},"source":"https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35","signature_version":"v1","digest":{"function_hash":"171096856165950967350039645785062079528","length":968}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10166.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}