Описание
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libgd2 | fixed | 2.1.1-4.1 | package | |
| php5 | fixed | 5.6.21+dfsg-1 | package | |
| php7.0 | fixed | 7.0.6-1 | package | |
| hhvm | fixed | 3.12.11+dfsg-1 | package |
Примечания
HHVM implements additional sanity checks, not directly epxloitable
PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074
Upstream fix: https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
Starting with 5.4.0-1 Debian uses the system copy of libgd
PHP bug: https://bugs.php.net/bug.php?id=71912
HHVM fix: https://github.com/facebook/hhvm/commit/29a6487d648d1593e1e2fa615d9b3a844756ddc3
Связанные уязвимости
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.