[3.3] gd: multiple issues (CVE-2015-8874, CVE-2016-5766, CVE-2016-5767, CVE-2016-6128, CVE-2016-6132, CVE-2016-6207, CVE-2016-6214)
CVE-2015-8874: Stack overflow with gdImageFillToBorder
CVE-2016-5766: Integer Overflow in _gd2GetHeader
CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
CVE-2016-6128: Invalid color index not handled, can lead to crash
CVE-2016-6132: A read out-of-bounds was found in the parsing of TGA files
CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()
CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file
Reference:
(from redmine: issue id 6076, created on 2016-08-23, closed on 2017-05-22)
- Relations:
- parent #6073 (closed)
- Changesets:
- Revision b977ac98 on 2016-09-14T09:47:49Z:
main/gd: security fixes. Fixes #6076
CVE-2015-8874
CVE-2016-5116
CVE-2016-5766
CVE-2016-6128
CVE-2016-6161
CVE-2016-6214