Univention Bugzilla – Bug 41718
libgd2: Multiple issues (4.1)
Last modified: 2019-04-11 19:24:20 CEST
* Integer Overflow in _gd2GetHeader() resulting in heap overflow. (CVE-2016-5766)
For Debian 7 "Wheezy", these problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u4.
Additional issues have been reported as fixed in Jessie version 2.1.0-5+deb8u4:
* xbm: avoid stack overflow (read) with large names (CVE-2016-5116)
* Invalid color index is not properly handled leading to denial of service (CVE-2016-6128)
* read out-of-bounds was found in the parsing of TGA files (CVE-2016-6132)
* Bug 1353550 – CVE-2016-6161 gd: Global out-of-bounds read when encoding gif from malformed gd2 input (CVE-2016-6161)
* read out-of-bounds issue (CVE-2016-6214)
Of all of the above, CVE-2016-5766 still has the highest impact: CVSS v2 Base score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
For Debian 7 "Wheezy", package version 2.0.36~rc1~dfsg-6.1+deb7u5 fixes
* Global out-of-bounds read when encoding gif from malformed gd2 input (CVE-2016-6161)
* Not affected by CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6214
CVE-2016-6132: [wheezy] - libgd2 <not-affected> (Vulnerable code not present)
CVE-2016-6214: [wheezy] - libgd2 <not-affected> (Vulnerable code not present)
Upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u6 fixes
* invalid read in gdImageCreateFromTiffPtr() (CVE-2016-6911)
* Stack Buffer Overflow in GD dynamicGetbuf (CVE-2016-8670)
Upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u7 fixes
* imagefilltoborder stackoverflow (CVE-2016-9933)
Upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u8 fixes
* Fix DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
* Fix #354: Signed Integer Overflow gd_io.c (CVE-2016-10168)
* The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image. (CVE-2016-9317)
Upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u9 fixes
* The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. (CVE-2017-7890)
2.0.36~rc1~dfsg-6.1+deb7u10 fixes:
* Denial of service or potential execution of arbitrary code if a specially crafted file is processed due to double free vulnerability in the gdImagePngPtr function (CVE-2017-6362)
This issue has been filed against UCS 4.1. UCS 4.1 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.