CVE-2016-5116 — Vulnetix

CVE-2016-5116 PUBLISHED

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

EPSS 2.40% · 85.4th percentile

Risk Scores

EPSS Score

2.40%

85.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	libgd2	2.1.0-3ubuntu0.1, 0, 2.1.0-2
Ubuntu:16.04:LTS	libgd2	0, 2.1.1-4build1, 2.1.1-4build2

Exploit Intelligence

openSUSE-SU-2016:2363 (circl)
https://github.com/libgd/libgd/issues/211 (circl)
[oss-security] 20160529 Re: CVE Request: libgd - gdCtxPrintf memory leak (circl)
DSA-3619 (circl)
USN-3030-1 (circl)
https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 (circl)

Timeline

May 30, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 17, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 23, 2025 EPSS Score
Mar 24, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 20, 2025 EPSS Score
May 1, 2025 EPSS Score
May 5, 2025 EPSS Score
Jun 1, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2016-5116 third-party-advisory
http://www.openwall.com/lists/oss-security/2016/05/29/3 third-party-advisory
https://ubuntu.com/security/notices/USN-3030-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2016-5116 third-party-advisory

Open in Interactive Console →