Description
Security update for gd
This update for gd fixes the following security issues:
- CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900)
- CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924)
- CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274)
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
References
- Link for SUSE-SU-2016:2668-1
- E-Mail link for SUSE-SU-2016:2668-1
- SUSE Security Ratings
- SUSE Bug 1001900
- SUSE Bug 1004924
- SUSE Bug 1005274
- SUSE CVE CVE-2016-6911 page
- SUSE CVE CVE-2016-7568 page
- SUSE CVE CVE-2016-8670 page
Description
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
Affected products
References
- CVE-2016-6911
- SUSE Bug 1004924
- SUSE Bug 1005274
Description
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
Affected products
References
- CVE-2016-7568
- SUSE Bug 1001900
Description
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
Affected products
References
- CVE-2016-8670
- SUSE Bug 1004924