Description
Security update for gd
This update for gd fixes the following issues:
- CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file [bsc#991436]
- CVE-2016-6132: Out-of-bounds read found in the parsing of TGA files using libgd [bsc#987577]
- CVE-2016-6128: Invalid color index not properly handled [bsc#991710]
- CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991622]
- CVE-2016-6161: global out-of-bounds read when encoding GIF from malformed input with gd2togif [bsc#988032]
- CVE-2016-5116: avoid stack overflow (read) with large names [bsc#982176]
- CVE-2016-6905: Out-of-bounds read in function read_image_tga in gd_tga.c [bsc#995034]
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
References
- Link for SUSE-SU-2016:2303-1
- E-Mail link for SUSE-SU-2016:2303-1
- SUSE Security Ratings
- SUSE Bug 982176
- SUSE Bug 987577
- SUSE Bug 988032
- SUSE Bug 991436
- SUSE Bug 991622
- SUSE Bug 991710
- SUSE Bug 995034
- SUSE CVE CVE-2016-5116 page
- SUSE CVE CVE-2016-6128 page
- SUSE CVE CVE-2016-6132 page
- SUSE CVE CVE-2016-6161 page
- SUSE CVE CVE-2016-6207 page
- SUSE CVE CVE-2016-6214 page
- SUSE CVE CVE-2016-6905 page
Description
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.
Affected products
References
- CVE-2016-5116
- SUSE Bug 982176
Description
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
Affected products
References
- CVE-2016-6128
- SUSE Bug 987580
- SUSE Bug 991710
Description
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
Affected products
References
- CVE-2016-6132
- SUSE Bug 987577
- SUSE Bug 991436
- SUSE Bug 995034
Description
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
Affected products
References
- CVE-2016-6161
- SUSE Bug 988032
Description
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
Affected products
References
- CVE-2016-6207
- SUSE Bug 991434
- SUSE Bug 991622
Description
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
Affected products
References
- CVE-2016-6214
- SUSE Bug 987577
- SUSE Bug 991436
- SUSE Bug 995034
Description
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
Affected products
References
- CVE-2016-6905
- SUSE Bug 995034