MGASA-2017-0055

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2017-0055.html
Import Source
https://advisories.mageia.org/MGASA-2017-0055.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0055
Related
Published
2017-02-20T13:00:19Z
Modified
2017-02-20T09:20:17Z
Summary
Updated libgd packages fix security vulnerability
Details

OOB reads of the TGA decompression buffer (CVE-2016-6906).

Double-free in gdImageWebPtr() (CVE-2016-6912).

gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities (CVE-2016-9317).

Potential unsigned underflow in gd_interpolation.c (CVE-2016-10166).

DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167).

Signed Integer Overflow gd_io.c (CVE-2016-10168).

References
Credits

Affected packages

Mageia:5 / libgd

Package

Name
libgd
Purl
pkg:rpm/mageia/libgd?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.4-1.1.mga5

Ecosystem specific 

{
    "section": "core"
}