CVE-2016-3074: Debian -- Security Information -- DSA-3556-1 libgd2
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
Debian Security Advisory
Date Reported:
24 Apr 2016
Affected Packages:
libgd2
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 822242.
In Mitre’s CVE dictionary: CVE-2016-3074.
More information:
Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers from a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an application using the libgd2 library to crash or, potentially, to execute arbitrary code with the privileges of the user running the application. Any application that decodes gd2 images from untrusted sources (for example a web application that accepts image uploads through PHP's gd extension) is exposed.
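To make the bug class concrete, the following is an added example and not libgd's code or the DSA patch: a hypothetical reader for a length-prefixed chunk (a made-up 4-byte big-endian length followed by payload, which is an assumption, not the real gd2 layout). The vulnerable variant parses the length into a signed int, so a crafted header with the top bit set becomes negative, slips past the `len > max` check, and is converted to a huge size_t at the copy. The hardened variant keeps the length unsigned and bounds it by both the destination capacity and the bytes actually present in the input. All function and variable names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed chunk header: 4 bytes, big-endian length, then payload.
 * This is an assumed toy format used only to demonstrate the bug class. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable validation (illustrative, not libgd's code).
 * The length is stored in a signed int, so 0xFFFFFFF0 reads as -16
 * (two's complement on all mainstream compilers; mandated by C23).
 * "-16 > max" is false, so the check passes, and the value handed to
 * memcpy would be (size_t)-16, i.e. close to SIZE_MAX: a heap overflow.
 * Returns 1 if the length would be accepted; the would-be memcpy size is
 * reported through *copy_len_out instead of performing the unsafe copy. */
int vulnerable_chunk_len_accepted(const uint8_t *hdr, int max_chunk,
                                  size_t *copy_len_out)
{
    int len = (int)read_be32(hdr);      /* signedness error */
    if (len > max_chunk)
        return 0;                       /* rejects only large positive values */
    *copy_len_out = (size_t)len;        /* negative -> enormous size_t */
    return 1;
}

/* Hardened version: unsigned length, bounded by destination capacity and by
 * the bytes remaining in the input, before any memory is touched.
 * Returns 1 on success with *copied set, 0 if the chunk is rejected. */
int hardened_copy_chunk(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap, size_t *copied)
{
    if (in_len < 4)
        return 0;                       /* no complete header */
    uint32_t len = read_be32(in);
    if (len > out_cap)
        return 0;                       /* would overflow the destination */
    if (len > in_len - 4)
        return 0;                       /* header claims more than was sent */
    memcpy(out, in + 4, len);
    *copied = len;
    return 1;
}
```

The second check in the hardened reader matters as much as the first: a length that fits the destination but exceeds the input still makes memcpy read past the source buffer, which is the other common outcome when a truncated file meets a trusting parser.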
For the oldstable distribution (wheezy), this problem has been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u2.
For the stable distribution (jessie), this problem has been fixed in version 2.1.0-5+deb8u1.
For the unstable distribution (sid), this problem has been fixed in version 2.1.1-4.1.
We recommend that you upgrade your libgd2 packages. Long-running processes that have the library loaded (for example web servers or PHP daemons using the gd extension) must be restarted after the upgrade so that the fixed library is actually in use.
Related news:
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.