gd-2.2.3-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10062-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gd-2.2.3-2.1 on GA media These are all security issues fixed in the gd-2.2.3-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10062 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-2497/ SUSE CVE CVE-2014-2497 page https://www.suse.com/security/cve/CVE-2016-5116/ SUSE CVE CVE-2016-5116 page https://www.suse.com/security/cve/CVE-2016-5766/ SUSE CVE CVE-2016-5766 page https://www.suse.com/security/cve/CVE-2016-6128/ SUSE CVE CVE-2016-6128 page https://www.suse.com/security/cve/CVE-2016-6132/ SUSE CVE CVE-2016-6132 page https://www.suse.com/security/cve/CVE-2016-6207/ SUSE CVE CVE-2016-6207 page https://www.suse.com/security/cve/CVE-2016-6214/ SUSE CVE CVE-2016-6214 page https://www.suse.com/security/cve/CVE-2016-6905/ SUSE CVE CVE-2016-6905 page openSUSE Tumbleweed gd-2.2.3-2.1 gd-devel-2.2.3-2.1 libgd3-2.2.3-2.1 libgd3-32bit-2.2.3-2.1 gd-2.2.3-2.1 as a component of openSUSE Tumbleweed gd-devel-2.2.3-2.1 as a component of openSUSE Tumbleweed libgd3-2.2.3-2.1 as a component of openSUSE Tumbleweed libgd3-32bit-2.2.3-2.1 as a component of openSUSE Tumbleweed The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. CVE-2014-2497 openSUSE Tumbleweed:gd-2.2.3-2.1 openSUSE Tumbleweed:gd-devel-2.2.3-2.1 openSUSE Tumbleweed:libgd3-2.2.3-2.1 openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2497.html CVE-2014-2497 https://bugzilla.suse.com/868624 SUSE Bug 868624 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. CVE-2016-5116 openSUSE Tumbleweed:gd-2.2.3-2.1 openSUSE Tumbleweed:gd-devel-2.2.3-2.1 openSUSE Tumbleweed:libgd3-2.2.3-2.1 openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5116.html CVE-2016-5116 https://bugzilla.suse.com/982176 SUSE Bug 982176 Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. CVE-2016-5766 openSUSE Tumbleweed:gd-2.2.3-2.1 openSUSE Tumbleweed:gd-devel-2.2.3-2.1 openSUSE Tumbleweed:libgd3-2.2.3-2.1 openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5766.html CVE-2016-5766 https://bugzilla.suse.com/986386 SUSE Bug 986386 The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. CVE-2016-6128 openSUSE Tumbleweed:gd-2.2.3-2.1 openSUSE Tumbleweed:gd-devel-2.2.3-2.1 openSUSE Tumbleweed:libgd3-2.2.3-2.1 openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6128.html CVE-2016-6128 https://bugzilla.suse.com/987580 SUSE Bug 987580 https://bugzilla.suse.com/991710 SUSE Bug 991710 The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. CVE-2016-6132 openSUSE Tumbleweed:gd-2.2.3-2.1 openSUSE Tumbleweed:gd-devel-2.2.3-2.1 openSUSE Tumbleweed:libgd3-2.2.3-2.1 openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6132.html CVE-2016-6132 https://bugzilla.suse.com/987577 SUSE Bug 987577 https://bugzilla.suse.com/991436 SUSE Bug 991436 https://bugzilla.suse.com/995034 SUSE Bug 995034 Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. CVE-2016-6207 openSUSE Tumbleweed:gd-2.2.3-2.1 openSUSE Tumbleweed:gd-devel-2.2.3-2.1 openSUSE Tumbleweed:libgd3-2.2.3-2.1 openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6207.html CVE-2016-6207 https://bugzilla.suse.com/991434 SUSE Bug 991434 https://bugzilla.suse.com/991622 SUSE Bug 991622 gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. CVE-2016-6214 openSUSE Tumbleweed:gd-2.2.3-2.1 openSUSE Tumbleweed:gd-devel-2.2.3-2.1 openSUSE Tumbleweed:libgd3-2.2.3-2.1 openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6214.html CVE-2016-6214 https://bugzilla.suse.com/987577 SUSE Bug 987577 https://bugzilla.suse.com/991436 SUSE Bug 991436 https://bugzilla.suse.com/995034 SUSE Bug 995034 The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. CVE-2016-6905 openSUSE Tumbleweed:gd-2.2.3-2.1 openSUSE Tumbleweed:gd-devel-2.2.3-2.1 openSUSE Tumbleweed:libgd3-2.2.3-2.1 openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6905.html CVE-2016-6905 https://bugzilla.suse.com/995034 SUSE Bug 995034