Bug 991436 (CVE-2016-6214)

Summary: VUL-0: CVE-2016-6214: gd: Buffer over-read issue when parsing crafted TGA file
Product: [Novell Products] SUSE Security Incidents
Reporter: Sebastian Krahmer <krahmer>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/170935/
Whiteboard: CVSSv2:RedHat:CVE-2016-6132:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2016-6214:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) maint:running:62929:moderate CVSSv2:SUSE:CVE-2016-6214:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: poc.tga

Comment 1 Petr Gajdos 2016-08-02 08:24:23 UTC
php5/php7's gd does not have tga support.
Comment 3 Petr Gajdos 2016-08-08 10:34:18 UTC
This is still an issue in libgd 2.1.0, though.
Comment 4 Petr Gajdos 2016-08-08 10:37:14 UTC
From the cve assignment mail:

https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7
Comment 5 Petr Gajdos 2016-08-08 10:47:12 UTC
affected: 13.2/gd, 12/gd
not affected: 11/gd
Comment 6 Petr Gajdos 2016-08-08 11:07:30 UTC
No, the correct commit is (that one from comment 4 is for CVE-2016-6132):

https://github.com/libgd/libgd/pull/251/commits/981060efd6415ed9a08a6aa343e6e195bf65fb47
Comment 9 Petr Gajdos 2016-08-08 13:36:58 UTC
I believe all affected code streams are fixed.
Comment 10 Bernhard Wiedemann 2016-08-08 14:01:01 UTC
This is an autogenerated message for OBS integration:
This bug (991436) was mentioned in
https://build.opensuse.org/request/show/417845 13.2 / gd
Comment 12 Swamp Workflow Management 2016-08-19 17:10:59 UTC
openSUSE-SU-2016:2117-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 987577,988032,991436,991622,991710
CVE References: CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214
Sources used:
openSUSE 13.2 (src):    gd-2.1.0-7.11.1
Comment 13 Marcus Meissner 2016-08-23 13:03:31 UTC
Created attachment 689115
poc.tga

attached to issue https://github.com/libgd/libgd/issues/248
Comment 14 Bernhard Wiedemann 2016-08-23 14:00:57 UTC
This is an autogenerated message for OBS integration:
This bug (991436) was mentioned in
https://build.opensuse.org/request/show/421269 Factory / gd
Comment 16 Swamp Workflow Management 2016-09-14 11:11:00 UTC
SUSE-SU-2016:2303-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 982176,987577,988032,991436,991622,991710,995034
CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Server 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    gd-2.1.0-12.1
Comment 17 Swamp Workflow Management 2016-09-24 00:09:45 UTC
openSUSE-SU-2016:2363-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 982176,987577,988032,991436,991622,991710,995034
CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905
Sources used:
openSUSE Leap 42.1 (src):    gd-2.1.0-10.1
Comment 18 Marcus Meissner 2017-05-22 14:29:47 UTC
released