edit-icon download-icon

[Vulnerability notice] CVE-2016-3074: DoS vulnerability in GD Graphics Library

Last Updated: Nov 14, 2017

Description

GD Graphics Library (LibGD) is an open source code library for the dynamic creation of images by programmers.

LibGD 2.1.1 has an integer signature error. By constructing compressed gd2 data, remote attackers can start a denial of service attack or run arbitrary code.

Affected versions

LibGD 2.1.1 or earlier versions

Fix

  • Use the official patch to re-compile and install LibGD.

  • Upgrade the PHP version.

    • Upgrade the 7.0.x series to 7.0.6 or later.
    • Upgrade the 5.6.x series to 5.6.21 or later.
    • Upgrade the 5.5.x series to 5.5.35 or later.
Thank you! We've received your feedback.