|
|
Subscribe / Log in / New account

libgd2: code execution

Package(s):libgd2 CVE #(s):CVE-2016-3074
Created:April 25, 2016 Updated:May 16, 2016
Description: From the Debian advisory:

Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an application using the libgd2 library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.

Alerts:
Red Hat RHSA-2016:2750-01 rh-php56 2016-11-15
Gentoo 201607-04 gd 2016-07-16
Debian DSA-3602-1 php5 2016-06-14
openSUSE openSUSE-SU-2016:1553-1 php5 2016-06-11
Ubuntu USN-2987-1 libgd2 2016-05-31
Fedora FEDORA-2016-7d6cbcadca gd 2016-05-16
openSUSE openSUSE-SU-2016:1274-1 php5 2016-05-11
Arch Linux ASA-201605-8 gd 2016-05-06
Slackware SSA:2016-120-02 php 2016-04-29
Fedora FEDORA-2016-5f91f43826 gd 2016-04-30
Mageia MGASA-2016-0152 libgd 2016-04-26
Debian DSA-3556-1 libgd2 2016-04-24
Gentoo 201611-22 php 2016-12-01
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds