Bug 1022284 - (CVE-2016-6912) VUL-0: CVE-2016-6912: gd: Double free vulnerability in the gdImageWebPtr via large width and height values
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/179220/
CVSSv2:SUSE:CVE-2016-6912:7.5:(AV:N/A...
Reported: 2017-01-27 14:38 UTC by Andreas Stieger
Modified: 2017-07-17 10:00 UTC
Found By: Security Response Team
Description Andreas Stieger 2017-01-27 14:38:55 UTC
Double free vulnerability in the gdImageWebPtr function in the GD Graphics
Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified
impact via large width and height values.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912
https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
Comment 1 Swamp Workflow Management 2017-01-27 23:02:15 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2017-01-30 12:09:07 UTC
SUSE:SLE-12:Update/gd
SUSE:SLE-12:Update/php5
SUSE:SLE-12:Update/php7
Comment 3 Petr Gajdos 2017-01-31 15:41:06 UTC
This is not part of php master, will notify php upstream.
Comment 4 Petr Gajdos 2017-01-31 15:57:15 UTC
While creating a testcase from gd upstream commit I have noticed php does not mediate gdImageWebpPtr(). Indeed:

https://bugs.php.net/bug.php?id=73867&edit=2

So gd only, if I have not overlooked something.
Comment 5 Andreas Stieger 2017-01-31 16:01:50 UTC
thanks, tracking adjusted
Comment 6 Petr Gajdos 2017-02-01 14:56:08 UTC
I believe all fixed.
Comment 8 Swamp Workflow Management 2017-02-15 11:10:40 UTC
SUSE-SU-2017:0468-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022263,1022264,1022265,1022283,1022284,1022553
CVE References: CVE-2016-10166,CVE-2016-10167,CVE-2016-10168,CVE-2016-6906,CVE-2016-6912,CVE-2016-9317
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Server 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Server 12-SP1 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    gd-2.1.0-23.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    gd-2.1.0-23.1
Comment 9 Swamp Workflow Management 2017-02-22 20:32:35 UTC
openSUSE-SU-2017:0548-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1022263,1022264,1022265,1022283,1022284,1022553
CVE References: CVE-2016-10166,CVE-2016-10167,CVE-2016-10168,CVE-2016-6906,CVE-2016-6912,CVE-2016-9317
Sources used:
openSUSE Leap 42.2 (src):    gd-2.1.0-16.1
openSUSE Leap 42.1 (src):    gd-2.1.0-19.1
Comment 10 Marcus Meissner 2017-05-22 15:35:51 UTC
released
Comment 11 Bernhard Wiedemann 2017-07-17 10:00:55 UTC
This is an autogenerated message for OBS integration:
This bug (1022284) was mentioned in
https://build.opensuse.org/request/show/510888 Factory / gd