[3.4] gd: multiple issues (CVE-2015-8874, CVE-2016-5766, CVE-2016-5767, CVE-2016-6128, CVE-2016-6132, CVE-2016-6207, CVE-2016-6214)
CVE-2015-8874: Stack overflow with gdImageFillToBorder
CVE-2016-5766: Integer Overflow in _gd2GetHeader
CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
CVE-2016-6128: Invalid color index not handled, can lead to crash
CVE-2016-6132: A read out-of-bands was found in the parsing of TGA files
CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()
CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file
Reference:
(from redmine: issue id 6075, created on 2016-08-23, closed on 2016-09-14)
- Relations:
- parent #6073 (closed)
- Changesets:
- Revision 4b52b89e on 2016-09-14T09:15:21Z:
main/gd: security upgrade to 2.2.3. Fixes #6075
CVE-2015-8874
CVE-2016-5766
CVE-2016-5767
CVE-2016-6128
CVE-2016-6132
CVE-2016-6207
CVE-2016-6214