First Last Prev Next    This bug is not in your last search results.
Bug 987577 - (CVE-2016-6132) VUL-1: CVE-2016-6132: gd: read out-of-bands was found in the parsing of TGA files using libgd
(CVE-2016-6132)
VUL-1: CVE-2016-6132: gd: read out-of-bands was found in the parsing of TGA f...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/170586/
CVSSv2:SUSE:CVE-2016-6132:4.3:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-07-04 14:16 UTC by Andreas Stieger
Modified: 2017-05-22 15:34 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
reproducer (74 bytes, image/x-tga)
2016-07-04 14:18 UTC, Andreas Stieger 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-07-04 14:16:44 UTC 
http://seclists.org/oss-sec/2016/q2/636

A read out-of-bands was found in the parsing of TGA files using the
last revision of libgd (a6a0e7f) but older versions can be affected. A
reproducer and some technical details are available here:

From https://github.com/libgd/libgd/issues/247

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6132
http://seclists.org/oss-sec/2016/q2/636
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6132.html

No upstream patch yet.
Comment 2 Swamp Workflow Management 2016-07-04 22:01:09 UTC 
bugbot adjusting priority
Comment 3 Petr Gajdos 2016-08-02 08:29:17 UTC 
php5/php7 gd does not have tga support.
Comment 5 Petr Gajdos 2016-08-08 11:48:06 UTC 
affected: 13.2/gd, 12/gd
not affected: 11/gd
Comment 6 Petr Gajdos 2016-08-08 13:38:23 UTC 
I believe all affected code streams are fixed.
Comment 7 Bernhard Wiedemann 2016-08-08 14:00:37 UTC 
This is an autogenerated message for OBS integration:
This bug (987577) was mentioned in
https://build.opensuse.org/request/show/417845 13.2 / gd
Comment 9 Swamp Workflow Management 2016-08-19 17:10:43 UTC 
openSUSE-SU-2016:2117-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 987577,988032,991436,991622,991710
CVE References: CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214
Sources used:
openSUSE 13.2 (src):    gd-2.1.0-7.11.1
Comment 10 Bernhard Wiedemann 2016-08-23 14:00:46 UTC 
This is an autogenerated message for OBS integration:
This bug (987577) was mentioned in
https://build.opensuse.org/request/show/421269 Factory / gd
Comment 12 Swamp Workflow Management 2016-09-14 11:10:40 UTC 
SUSE-SU-2016:2303-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 982176,987577,988032,991436,991622,991710,995034
CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Server 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    gd-2.1.0-12.1
Comment 13 Swamp Workflow Management 2016-09-24 00:09:26 UTC 
openSUSE-SU-2016:2363-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 982176,987577,988032,991436,991622,991710,995034
CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905
Sources used:
openSUSE Leap 42.1 (src):    gd-2.1.0-10.1
Comment 14 Marcus Meissner 2017-05-22 15:34:17 UTC 
released
First Last Prev Next    This bug is not in your last search results.