Main Vulnerability Database SB2016052311

SB2016052311 - Improper input validation in gd (Alpine package)

Published: May 23, 2016

Security Bulletin ID SB2016052311

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2016-9317)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing overly large images in the gdImageCreate() function in the GD Graphics Library (aka libgd) before 2.2.4. A remote attacker can supply an overly large image and crash the application, using the affected library.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=1b8dc16a8d83cea1a0638ca75a327f234049e6fd
https://git.alpinelinux.org/aports/commit/?id=08114de6e0da35db211984405c8d9043e426ea58
https://git.alpinelinux.org/aports/commit/?id=87a5a2c48f6c4e068c31ba4ba9665d05a4a88682