Bug 41718 - libgd2: Multiple issues (4.1)
Status: CLOSED WONTFIX
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.1
Other Linux
: P5 normal
: UCS 4.1-x-errata
Assigned To: UCS maintainers
Depends on: 45349
Blocks: 41817
Reported: 2016-07-01 18:26 CEST by Janek Walkenhorst
Modified: 2019-04-11 19:24 CEST (History)

What kind of report is it?: Security Issue
Bug group (optional): Security
Max CVSS v3 score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
requate: Patch_Available+

Description Janek Walkenhorst univentionstaff 2016-07-01 18:26:06 CEST
* Integer Overflow in _gd2GetHeader() resulting in heap overflow. (CVE-2016-5766)
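The description names an integer overflow in _gd2GetHeader() that ends in a heap overflow. The block below is an added C illustration of that defect class and of the check that closes it; it is not libgd's code and not part of this bug report. A chunk grid (ncx x ncy) is read from a constructed header, and the hardened path refuses any product that would not fit the int (and then the size_t) it is stored in before anything is allocated. The same division-based check applies to any width times height or count times element-size product computed ahead of an allocation. The header layout, the chunk_info fields and all function names are assumptions made for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Added illustration, not libgd's code. A chunked-image header carries a
 * chunk grid ncx x ncy and the decoder allocates one table entry per chunk.
 * Computing ncx * ncy in a plain int can overflow, so the table is sized
 * wrong and later chunk writes run off the heap. Header layout and struct
 * fields are constructed for this example. */

typedef struct {
    uint32_t offset;  /* assumed fields of a per-chunk table entry */
    uint32_t size;
} chunk_info;

/* Big-endian 16-bit read from a constructed header buffer. */
static uint16_t get_word(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

/* Hardened count: reject zero dimensions and any product that would not fit
 * in an int, tested by division so the multiplication itself never overflows.
 * Returns the chunk count, or -1 when the grid is rejected. */
int checked_chunk_count(int ncx, int ncy)
{
    if (ncx <= 0 || ncy <= 0)
        return -1;
    if (ncx > INT_MAX / ncy)
        return -1;
    return ncx * ncy;
}

/* Byte size of the chunk table, checked against size_t as well.
 * Returns 0 when the count is invalid or the byte size would overflow. */
size_t chunk_table_bytes(int nc)
{
    if (nc <= 0 || (size_t)nc > SIZE_MAX / sizeof(chunk_info))
        return 0;
    return (size_t)nc * sizeof(chunk_info);
}

/* Parse a 4-byte constructed header (ncx, ncy as big-endian words) and
 * allocate the chunk table. Returns NULL and sets *out_nc = 0 on reject. */
chunk_info *alloc_chunk_table(const uint8_t *hdr, size_t hdr_len, int *out_nc)
{
    *out_nc = 0;
    if (hdr_len < 4)
        return NULL;
    int nc = checked_chunk_count(get_word(hdr), get_word(hdr + 2));
    if (nc < 0 || chunk_table_bytes(nc) == 0)
        return NULL;
    chunk_info *table = calloc((size_t)nc, sizeof(chunk_info));
    if (table == NULL)
        return NULL;
    *out_nc = nc;
    return table;
}

/* Convenience wrapper: accepted chunk count for a header, or -1 if rejected. */
int chunk_count_from_header(const uint8_t *hdr, size_t hdr_len)
{
    int nc;
    chunk_info *t = alloc_chunk_table(hdr, hdr_len, &nc);
    if (t == NULL)
        return -1;
    free(t);
    return nc;
}

/* Constructed sample headers. */
static const uint8_t sane_hdr[4]  = { 0x00, 0x04, 0x00, 0x04 };  /* 4 x 4 grid */
static const uint8_t bogus_hdr[4] = { 0xFF, 0xFF, 0xFF, 0xFF };  /* 65535 x 65535 */

int main(void)
{
    /* 4 x 4 is accepted (16 chunks); 65535 x 65535 exceeds INT_MAX and is refused. */
    return (chunk_count_from_header(sane_hdr, 4) == 16 &&
            chunk_count_from_header(bogus_hdr, 4) == -1) ? 0 : 1;
}
```

The check is deliberately written as a division (ncx > INT_MAX / ncy) rather than multiplying and comparing afterwards, because signed overflow in C is undefined behaviour and a compiler may remove a post-hoc comparison entirely.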
Comment 1 Janek Walkenhorst univentionstaff 2016-07-01 18:27:03 CEST
For Debian 7 "Wheezy", these problems have been fixed in version
2.0.36~rc1~dfsg-6.1+deb7u4.
Comment 2 Arvid Requate univentionstaff 2016-07-18 15:12:15 CEST
Additional issues have been reported as fixed in Jessie version 2.1.0-5+deb8u4:

* xbm: avoid stack overflow (read) with large names (CVE-2016-5116)
* Invalid color index is not properly handled leading to denial of service (CVE-2016-6128)
* read out-of-bands was found in the parsing of TGA files (CVE-2016-6132)
* Bug 1353550 – CVE-2016-6161 gd: Global out-of-bounds read when encoding gif from malformed gd2 input (CVE-2016-6161)
* read out-of-bounds issue (CVE-2016-6214)

Of all of the above, CVE-2016-5766 still has the highest impact:
  CVSS v2 Base score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Comment 3 Arvid Requate univentionstaff 2016-07-28 18:00:05 CEST
For Debian 7 "Wheezy", package version 2.0.36~rc1~dfsg-6.1+deb7u5 fixes

* Global out-of-bounds read when encoding gif from malformed gd2 input (CVE-2016-6161)

* Not affected by CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6214
Comment 4 Arvid Requate univentionstaff 2016-08-11 18:35:36 CEST
CVE-2016-6132: [wheezy] - libgd2 <not-affected> (Vulnerable code not present)
CVE-2016-6214: [wheezy] - libgd2 <not-affected> (Vulnerable code not present)
Comment 5 Arvid Requate univentionstaff 2016-10-24 13:08:04 CEST
Upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u6 fixes

* invalid read in gdImageCreateFromTiffPtr() (CVE-2016-6911)
* Stack Buffer Overflow in GD dynamicGetbuf (CVE-2016-8670)
Comment 6 Janek Walkenhorst univentionstaff 2017-01-17 16:46:31 CET
Upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u7 fixes
* imagefilltoborder stack overflow (CVE-2016-9933)
Comment 7 Arvid Requate univentionstaff 2017-01-30 21:09:02 CET
Upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u8 fixes

* Fix DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
* Fix #354: Signed Integer Overflow gd_io.c (CVE-2016-10168)
* The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image. (CVE-2016-9317)
Comment 8 Arvid Requate univentionstaff 2017-09-08 10:32:13 CEST
Upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u9 fixes

* The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. (CVE-2017-7890)
Comment 9 Arvid Requate univentionstaff 2017-10-30 16:16:37 CET
2.0.36~rc1~dfsg-6.1+deb7u10 fixes:

* Denial of service or potential execution of arbitrary code if a specially crafted file is processed due to double free vulnerability in the gdImagePngPtr function (CVE-2017-6362)
Comment 10 Arvid Requate univentionstaff 2018-04-17 15:56:32 CEST
This issue has been filed against UCS 4.1.

UCS 4.1 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.