[3.2] gd: Multiple vulnerabilities (CVE-2016-6906, CVE-2016-9317, CVE-2016-6912, CVE-2016-10166, CVE-2016-10167, CVE-2016-10168)
CVE-2016-6906: The read_image_tga function in gd_tga.c in the GD
Graphics Library (aka libgd) before 2.2.4 allows remote
attackers to cause a denial of service (out-of-bounds read) via a
crafted TGA file, related to the decompression buffer.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-6906
Patches:
https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558
https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
CVE-2016-9317: The gdImageCreate function in the GD Graphics Library
(aka libgd) before 2.2.4 allows remote attackers to cause a denial of
service (system hang) via an oversized image.
References:
https://libgd.github.io
https://github.com/libgd/libgd/releases/tag/gd-2.2.4
Patch:
https://github.com/libgd/libgd/commit/1846f48e5fcdde996e7c27a4bbac5d0aef183e4b
CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function
in the GD Graphics Library (aka libgd) before 2.2.4 allows remote
attackers to have unspecified impact via large width and height values.
References:
https://libgd.github.io
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6912
Patch:
https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
CVE-2016-10166: Unsigned integer overflow in _gdContributionsAlloc
Fixed In Version:
gd 2.2.4
References:
Patch:
https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
CVE-2016-10167: DoS vulnerability in gdImageCreateFromGd2Ctx()
Fixed In Version:
gd 2.2.4
References:
https://libgd.github.io
https://marc.info/?l=oss-security&m=148563789328255&w=2
Patch:
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
CVE-2016-10168: Integer overflow in gd_io.c
Fixed In Version:
gd 2.2.4
References:
https://libgd.github.io
http://www.openwall.com/lists/oss-security/2017/01/28/6
Patch:
https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
(from redmine: issue id 7203, created on 2017-04-25, closed on 2017-08-22)
- Relations:
- parent #7199 (closed)