VDB

GCVE-110-MAGEIA-2016-215

GCVE-110-MAGEIA-2016-215
Advisory Published
Vulnetix · Advisory published June 2, 2016
Updated libgd packages fix security vulnerabilities: The gdImageScaleTwoPass function in gd_interpolation.c in libgd before 2.2.0 uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function (CVE-2015-8877). While creating an XBM image (imagexbm) with an user supplied name, libgd before 2.2.0 did not check the vsnprintf return value, so an application might trust this length and read more memory than it should, causing a read-out-of boundaries, leaking stack memory (CVE-2016-5116).

Affected Products

VendorProductVersionsPlatforms
Mageialibgd0 (affected), 2.2.1-1.2.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›