SB2017011941 - Fedora 24 update for gd
Published: January 19, 2017 Updated: April 24, 2025
Security Bulletin ID
SB2017011941
Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2016-9317)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.The vulnerability exists due to improper input validation when processing overly large images in the gdImageCreate() function in the GD Graphics Library (aka libgd) before 2.2.4. A remote attacker can supply an overly large image and crash the application, using the affected library.
2) Double free error (CVE-ID: CVE-2016-6912)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.The vulnerability exists due to double free error when processing large image width and height values in gdImageWebPtr() function in the GD Graphics Library (aka libgd). A remote attacker create a specially crafted image file, trigger double free error and crash the affected application or execute arbitrary code on the target system.
Remediation
Install update from vendor's website.