Bug 37089 - libgd2: Denial of service (4.0)
libgd2: Denial of service (4.0)
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P4 normal (vote)
: UCS 4.0-3-errata
Assigned To: Felix Botner
Daniel Tröder
Depends on:
  Show dependency treegraph
Reported: 2014-11-27 12:15 CET by Moritz Muehlenhoff
Modified: 2017-10-26 13:54 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
requate: Patch_Available+


Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-11-27 12:15:07 CET
+++ This bug was initially created as a clone of Bug #34345 +++


NULL pointer dereference in the gdImageCreateFromXpm() function.
Comment 1 Arvid Requate univentionstaff 2015-03-31 15:03:54 CEST

Potential crash of long running service due to buffer read overflow in gd_gif_in.c when reading crafted GIFs.
Comment 2 Arvid Requate univentionstaff 2015-05-06 18:19:41 CEST
Fixed in upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u1
Comment 3 Felix Botner univentionstaff 2015-09-11 11:19:55 CEST
2.0.36~rc1~dfsg-6.1+deb7u1 imported from wheezy and built in errata4.0-3

YAML: 2015-09-11-libgd2.yaml
Comment 4 Daniel Tröder univentionstaff 2015-09-18 12:33:40 CEST
OK: DEBIAN_FRONTEND=noninteractive apt-get install -y libgd2-noxpm
OK: Test:
  * repository/online/unmaintained=true
  * aptitude install libgd-tools
  * wget https://www.univention.de/wp-content/uploads/2014/07/UCS_Logo_974x169_auf_transparent-e1428568384183.png -O Ulogo.png
  * pngtogd2 Ulogo.png Ulogo.gd2 1 2 && echo OK
  * gd2topng Ulogo.gd2 Ulogo2.png && echo OK

YAML was amended by QA (r63834+r63835), adding a note regarding CVE-2014-9709.
Comment 5 Janek Walkenhorst univentionstaff 2015-09-23 17:11:39 CEST