Main Vulnerability Database SB2016052308

SB2016052308 - Integer overflow in gd (Alpine package)

Published: May 23, 2016

Security Bulletin ID SB2016052308

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2016-10168)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.

The vulnerability exists due to integer overflow when processing the number of horizontal and vertical chunks in an image in gd_io.c. A remote attacker create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=1b8dc16a8d83cea1a0638ca75a327f234049e6fd
https://git.alpinelinux.org/aports/commit/?id=08114de6e0da35db211984405c8d9043e426ea58
https://git.alpinelinux.org/aports/commit/?id=87a5a2c48f6c4e068c31ba4ba9665d05a4a88682