MGASA-2016-0215

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0215.html

Import Source

https://advisories.mageia.org/MGASA-2016-0215.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0215

Related

Published

2016-06-02T21:40:03Z

Modified

2016-06-02T21:32:56Z

Summary

Updated libgd packages fix security vulnerabilities

Details

Updated libgd packages fix security vulnerabilities:

The gdImageScaleTwoPass function in gd_interpolation.c in libgd before 2.2.0 uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function (CVE-2015-8877).

While creating an XBM image (imagexbm) with an user supplied name, libgd before 2.2.0 did not check the vsnprintf return value, so an application might trust this length and read more memory than it should, causing a read-out-of boundaries, leaking stack memory (CVE-2016-5116).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / libgd

Package

Name: libgd
Purl: pkg:rpm/mageia/libgd?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.1-1.2.mga5

Ecosystem specific

{
    "section": "core"
}