Bugzilla – Bug 982176
VUL-0: CVE-2016-5116: gd: avoid stack overflow (read) with large names
Last modified: 2017-05-22 15:34:04 UTC
CVE-2016-5116 https://github.com/libgd/libgd/issues/211 length from the failed vsnprintf attempt to copy more than 8000 chars on a 4096 buffer ... libgd returns this length as is and PHP prints more information from memory than it should. xbm: avoid stack overflow (read) with large names #211 We use the name passed in to printf into a local stack buffer which is limited to 4000 bytes. So given a large enough value, lots of stack data is leaked. Rewrite the code to do simple memory copies with most of the strings to avoid that issue, and only use stack buffer for small numbers of constant size. Upstream Patch: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5116 http://seclists.org/oss-sec/2016/q2/430
http://seclists.org/oss-sec/2016/q2/430 PHP devs marked it as a "not a bug" because the bundled version of libgd with PHP 5.5 is not vulnerable, however using PHP with systemwide libgd is a common practice. For purposes of CVE ID assignment, we do not feel that it's necessary to suggest a decision about whether this must also be considered a vulnerability in any PHP 5.5.x releases. 4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 indicates that it's an upstream bug, and the bug has plausible security relevance in some contexts (which might be contexts involving integration of libgd and PHP, or might be non-PHP contexts).
Submitted for Tumbleweed, 13.2 and 12. Others are not affected.
This is an autogenerated message for OBS integration: This bug (982176) was mentioned in https://build.opensuse.org/request/show/398959 Factory / gd https://build.opensuse.org/request/show/398962 13.2 / gd
bugbot adjusting priority
openSUSE-SU-2016:1516-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 982176 CVE References: CVE-2016-5116 Sources used: openSUSE 13.2 (src): gd-2.1.0-7.8.1
SUSE-SU-2016:2303-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 982176,987577,988032,991436,991622,991710,995034 CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP1 (src): gd-2.1.0-12.1 SUSE Linux Enterprise Software Development Kit 12-SP1 (src): gd-2.1.0-12.1 SUSE Linux Enterprise Server 12-SP1 (src): gd-2.1.0-12.1 SUSE Linux Enterprise Desktop 12-SP1 (src): gd-2.1.0-12.1
openSUSE-SU-2016:2363-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 982176,987577,988032,991436,991622,991710,995034 CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905 Sources used: openSUSE Leap 42.1 (src): gd-2.1.0-10.1
released