Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2016:2363-1

Опубликовано: 23 сент. 2016
Источник: suse-cvrf

Описание

Security update for gd

This update for gd fixes the following issues:

  • CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file [bsc#991436]
  • CVE-2016-6132: read out-of-bands was found in the parsing of TGA files using libgd [bsc#987577]
  • CVE-2016-6128: Invalid color index not properly handled [bsc#991710]
  • CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991622]
  • CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032]
  • CVE-2016-5116: avoid stack overflow (read) with large names [bsc#982176]
  • CVE-2016-6905: Out-of-bounds read in function read_image_tga in gd_tga.c [bsc#995034]

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1
gd-2.1.0-10.1
gd-32bit-2.1.0-10.1
gd-devel-2.1.0-10.1

Ссылки

Описание

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

Затронутые продукты
openSUSE Leap 42.1:gd-2.1.0-10.1
openSUSE Leap 42.1:gd-32bit-2.1.0-10.1
openSUSE Leap 42.1:gd-devel-2.1.0-10.1
Ссылки

Описание

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

Затронутые продукты
openSUSE Leap 42.1:gd-2.1.0-10.1
openSUSE Leap 42.1:gd-32bit-2.1.0-10.1
openSUSE Leap 42.1:gd-devel-2.1.0-10.1
Ссылки

Описание

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

Затронутые продукты
openSUSE Leap 42.1:gd-2.1.0-10.1
openSUSE Leap 42.1:gd-32bit-2.1.0-10.1
openSUSE Leap 42.1:gd-devel-2.1.0-10.1
Ссылки

Описание

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

Затронутые продукты
openSUSE Leap 42.1:gd-2.1.0-10.1
openSUSE Leap 42.1:gd-32bit-2.1.0-10.1
openSUSE Leap 42.1:gd-devel-2.1.0-10.1
Ссылки

Описание

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

Затронутые продукты
openSUSE Leap 42.1:gd-2.1.0-10.1
openSUSE Leap 42.1:gd-32bit-2.1.0-10.1
openSUSE Leap 42.1:gd-devel-2.1.0-10.1
Ссылки

Описание

gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

Затронутые продукты
openSUSE Leap 42.1:gd-2.1.0-10.1
openSUSE Leap 42.1:gd-32bit-2.1.0-10.1
openSUSE Leap 42.1:gd-devel-2.1.0-10.1
Ссылки

Описание

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.

Затронутые продукты
openSUSE Leap 42.1:gd-2.1.0-10.1
openSUSE Leap 42.1:gd-32bit-2.1.0-10.1
openSUSE Leap 42.1:gd-devel-2.1.0-10.1
Ссылки