gd: multiple issues (CVE-2015-8874, CVE-2016-5766, CVE-2016-5767, CVE-2016-6128, CVE-2016-6132, CVE-2016-6207, CVE-2016-6214)
CVE-2015-8874: Stack overflow with gdImageFillToBorder
CVE-2016-5766: Integer Overflow in _gd2GetHeader
CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
CVE-2016-6128: Invalid color index not handled, can lead to crash
CVE-2016-6132: A read out-of-bands was found in the parsing of TGA files
CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()
CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file
Reference:
(from redmine: issue id 6073, created on 2016-08-23, closed on 2017-04-08)
- Relations:
- child #6074 (closed)
- child #6075 (closed)
- child #6076 (closed)
- child #6077 (closed)
- child #6078 (closed)