Bug 981061 - (CVE-2015-8877) VUL-0: CVE-2015-8877: php5, php53: The gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/169326/
CVSSv2:NVD:CVE-2015-8877:5.0:(AV:N/AC...
Reported: 2016-05-23 08:41 UTC by Alexander Bergmann
Modified: 2016-09-01 10:19 UTC
Found By: Security Response Team
Description Alexander Bergmann 2016-05-23 08:41:04 UTC
CVE-2015-8877

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics
Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses
inconsistent allocate and free approaches, which allows remote attackers to
cause a denial of service (memory consumption) via a crafted call, as
demonstrated by a call to the PHP imagescale function.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8877
https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24
https://github.com/libgd/libgd/issues/173
https://bugs.php.net/bug.php?id=70064
Comment 1 Swamp Workflow Management 2016-05-23 22:01:17 UTC
bugbot adjusting priority
Comment 3 Petr Gajdos 2016-05-24 09:16:42 UTC
Reproduced with 13.2 and 12:

Installed packages: php5, php5-gd

$ cat test.php
<?php
$im = imagecreatetruecolor(256, 256);
imagescale($im, 32, 32, IMG_BICUBIC);
imagedestroy($im);
?>
$

BEFORE

$ valgrind --leak-check=full php test.php
[..]
==4388== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
$

AFTER

$ valgrind --leak-check=full php test.php
[..]
==13202== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
$

Older versions are not affected.
Comment 4 Bernhard Wiedemann 2016-05-24 13:00:44 UTC
This is an autogenerated message for OBS integration:
This bug (981061) was mentioned in
https://build.opensuse.org/request/show/397708 13.2 / php5
Comment 6 Bernhard Wiedemann 2016-06-01 12:01:13 UTC
This is an autogenerated message for OBS integration:
This bug (981061) was mentioned in
https://build.opensuse.org/request/show/399462 13.2 / php5
Comment 8 Swamp Workflow Management 2016-06-11 12:16:47 UTC
openSUSE-SU-2016:1553-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 976775,980366,980373,980375,981049,981050,981061,982009,982010,982011,982012,982013,982162
CVE References: CVE-2013-7456,CVE-2015-4116,CVE-2015-8873,CVE-2015-8874,CVE-2015-8876,CVE-2015-8877,CVE-2015-8879,CVE-2016-3074,CVE-2016-5093,CVE-2016-5094,CVE-2016-5095,CVE-2016-5096,CVE-2016-5114
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-66.1
Comment 9 Swamp Workflow Management 2016-06-20 14:09:14 UTC
SUSE-SU-2016:1633-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 981049,981050,981061,982009,982010,982011,982012,982013
CVE References: CVE-2013-7456,CVE-2015-8876,CVE-2015-8877,CVE-2015-8879,CVE-2016-5093,CVE-2016-5094,CVE-2016-5095,CVE-2016-5096
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    imap-2007e_suse-19.1
SUSE Linux Enterprise Workstation Extension 12 (src):    imap-2007e_suse-19.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    imap-2007e_suse-19.1, php5-5.5.14-64.5
SUSE Linux Enterprise Software Development Kit 12 (src):    imap-2007e_suse-19.1, php5-5.5.14-64.5
SUSE Linux Enterprise Module for Web Scripting 12 (src):    imap-2007e_suse-19.1, php5-5.5.14-64.5
SUSE Linux Enterprise Desktop 12-SP1 (src):    imap-2007e_suse-19.1
SUSE Linux Enterprise Desktop 12 (src):    imap-2007e_suse-19.1
Comment 10 Swamp Workflow Management 2016-06-27 13:10:16 UTC
openSUSE-SU-2016:1688-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 981049,981050,981061,982009,982010,982011,982012,982013
CVE References: CVE-2013-7456,CVE-2015-8876,CVE-2015-8877,CVE-2015-8879,CVE-2016-5093,CVE-2016-5094,CVE-2016-5095,CVE-2016-5096
Sources used:
openSUSE Leap 42.1 (src):    imap-2007e_suse-22.1, php5-5.5.14-53.1
Comment 11 Marcus Meissner 2016-08-01 09:56:01 UTC
all released