Lucene search

K
mageiaGentoo FoundationMGASA-2017-0055
HistoryFeb 20, 2017 - 4:00 p.m.

Updated libgd packages fix security vulnerability

2017-02-2016:00:19
Gentoo Foundation
advisories.mageia.org
5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.8%

OOB reads of the TGA decompression buffer (CVE-2016-6906). Double-free in gdImageWebPtr() (CVE-2016-6912). gdImageCreate() doesn’t check for oversized images and as such is prone to DoS vulnerabilities (CVE-2016-9317). Potential unsigned underflow in gd_interpolation.c (CVE-2016-10166). DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167). Signed Integer Overflow gd_io.c (CVE-2016-10168).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchlibgd< 2.2.4-1.1libgd-2.2.4-1.1.mga5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.8%