openSUSE-SU-2017:0548-1

Published: 22 Feb 2017
Source: suse-cvrf

Description

Security update for gd

This update for gd fixes the following security issues:

  • CVE-2016-6906: An out-of-bounds read in TGA decompression was fixed which could have led to crashes. (bsc#1022553)
  • CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) allowed remote attackers to have unspecified impact via large width and height values. (bsc#1022284)
  • CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283)
  • CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the GD Graphics Library (aka libgd). (bsc#1022263)
  • CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264)
  • CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption. (bsc#1022265)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.1
gd-2.1.0-16.1
gd-32bit-2.1.0-16.1
gd-devel-2.1.0-16.1
openSUSE Leap 42.2
gd-2.1.0-16.1
gd-32bit-2.1.0-16.1
gd-devel-2.1.0-16.1

Description

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.


Affected products
openSUSE Leap 42.1:gd-2.1.0-16.1
openSUSE Leap 42.1:gd-32bit-2.1.0-16.1
openSUSE Leap 42.1:gd-devel-2.1.0-16.1
openSUSE Leap 42.2:gd-2.1.0-16.1

References

Description

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.


Affected products
openSUSE Leap 42.1:gd-2.1.0-16.1
openSUSE Leap 42.1:gd-32bit-2.1.0-16.1
openSUSE Leap 42.1:gd-devel-2.1.0-16.1
openSUSE Leap 42.2:gd-2.1.0-16.1

References

Description

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.


Affected products
openSUSE Leap 42.1:gd-2.1.0-16.1
openSUSE Leap 42.1:gd-32bit-2.1.0-16.1
openSUSE Leap 42.1:gd-devel-2.1.0-16.1
openSUSE Leap 42.2:gd-2.1.0-16.1

References

Description

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.


Affected products
openSUSE Leap 42.1:gd-2.1.0-16.1
openSUSE Leap 42.1:gd-32bit-2.1.0-16.1
openSUSE Leap 42.1:gd-devel-2.1.0-16.1
openSUSE Leap 42.2:gd-2.1.0-16.1

References

Description

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.


Affected products
openSUSE Leap 42.1:gd-2.1.0-16.1
openSUSE Leap 42.1:gd-32bit-2.1.0-16.1
openSUSE Leap 42.1:gd-devel-2.1.0-16.1
openSUSE Leap 42.2:gd-2.1.0-16.1

References

Description

The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.


Affected products
openSUSE Leap 42.1:gd-2.1.0-16.1
openSUSE Leap 42.1:gd-32bit-2.1.0-16.1
openSUSE Leap 42.1:gd-devel-2.1.0-16.1
openSUSE Leap 42.2:gd-2.1.0-16.1

References
Vulnerability openSUSE-SU-2017:0548-1