SUSE-SU-2017:0468-1 -- SLES gd
ID: oval:org.secpod.oval:def:89044742 | Date: (C)2021-07-20 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for gd fixes the following security issues:
- CVE-2016-6906: An out-of-bounds read in TGA decompression was fixed which could have led to crashes.
- CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library allowed remote attackers to have unspecified impact via large width and height values.
- CVE-2016-9317: The gdImageCreate function in the GD Graphics Library allowed remote attackers to cause a denial of service via an oversized image.
- CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the GD Graphics Library.
- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx could lead to libgd running out of memory even on small files.
- CVE-2016-10168: A signed integer overflow in the GD Graphics Library could lead to memory corruption.
Platform: |
SUSE Linux Enterprise Server 12 SP2 |