[3.2] gd: multiple issues (CVE-2015-8874, CVE-2016-5766, CVE-2016-5767, CVE-2016-6128, CVE-2016-6132, CVE-2016-6207, CVE-2016-6214)
CVE-2015-8874: Stack overflow with gdImageFillToBorder
CVE-2016-5766: Integer Overflow in _gd2GetHeader
CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
CVE-2016-6128: Invalid color index not handled, can lead to crash
CVE-2016-6132: A read out-of-bounds was found in the parsing of TGA files
CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()
CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file
Reference:
(from redmine: issue id 6077, created on 2016-08-23, closed on 2017-05-22)
- Relations:
- parent #6073 (closed)
- Changesets:
- Revision 262e2cf8 on 2016-09-14T09:53:30Z:
main/gd: security fixes. Fixes #6077
CVE-2015-8874
CVE-2016-5116
CVE-2016-5766
CVE-2016-6128
CVE-2016-6161
CVE-2016-6214
(cherry picked from commit b977ac9875306ca4c7da72609ffc99410c1cb123)