Univention Bugzilla – Bug 37089
libgd2: Denial of service (4.0)
Last modified: 2017-10-26 13:54:47 CEST
+++ This bug was initially created as a clone of Bug #34345 +++
CVE-2014-2497 NULL pointer dereference in the gdImageCreateFromXpm() function.
CVE-2014-9709 Potential crash of long running service due to buffer read overflow in gd_gif_in.c when reading crafted GIFs.
Fixed in upstream Debian package version 2.0.36~rc1~dfsg-6.1+deb7u1
2.0.36~rc1~dfsg-6.1+deb7u1 imported from wheezy and built in errata4.0-3
YAML: 2015-09-11-libgd2.yaml
OK: DEBIAN_FRONTEND=noninteractive apt-get install -y libgd2-noxpm
OK: Test:
* repository/online/unmaintained=true
* aptitude install libgd-tools
* wget https://www.univention.de/wp-content/uploads/2014/07/UCS_Logo_974x169_auf_transparent-e1428568384183.png -O Ulogo.png
* pngtogd2 Ulogo.png Ulogo.gd2 1 2 && echo OK
* gd2topng Ulogo.gd2 Ulogo2.png && echo OK
YAML was amended by QA (r63834+r63835), adding a note regarding CVE-2014-9709.
<http://errata.software-univention.de/ucs/4.0/323.html>