Package "libgd-dbg"
Name: |
libgd-dbg
|
Description: |
Debug symbols for GD Graphics Library
|
Latest version: |
2.1.1-4ubuntu0.16.04.12 |
Release: |
xenial (16.04) |
Level: |
security |
Repository: |
main |
Head package: |
libgd2 |
Homepage: |
http://www.libgd.org/ |
Links
Download "libgd-dbg"
Other versions of "libgd-dbg" in Xenial
Changelog
libgd2 (2.1.1-4ubuntu0.16.04.6) xenial-security; urgency=medium
* SECURITY UPDATE: potential unsigned underflow
- debian/patches/CVE-2016-10166.patch: refactor loop in
src/gd_interpolation.c.
- CVE-2016-10166
* SECURITY UPDATE: DoS vulnerability in gdImageCreateFromGd2Ctx()
- debian/patches/CVE-2016-10167.patch: properly fail in src/gd_gd2.c.
- CVE-2016-10167
* SECURITY UPDATE: signed integer overflow in gd_io.c
- debian/patches/CVE-2016-10168.patch: check counts in src/gd_gd2.c.
- CVE-2016-10168
* SECURITY UPDATE: OOB reads of the TGA decompression buffer
- debian/patches/CVE-2016-6906-pre1.patch: fix coverty warning in
src/gd_tga.c.
- debian/patches/CVE-2016-6906-pre2.patch: fix TGA RLE decoding in
src/gd_tga.c.
- debian/patches/CVE-2016-6906-1.patch: check for overflow in
src/gd_tga.c.
- debian/patches/CVE-2016-6906-2.patch: add another overflow check in
src/gd_tga.c.
- CVE-2016-6906
* SECURITY UPDATE: double-free in gdImageWebPtr()
- debian/patches/CVE-2016-6912.patch: add helper function to indicate
failure in src/gd_webp.c.
- CVE-2016-6912
* SECURITY UPDATE: DoS via oversized image
- debian/patches/CVE-2016-9317.patch: check for oversized images in
src/gd.c.
- CVE-2016-9317
* SECURITY UPDATE: DoS via stack consumption
- debian/patches/CVE-2016-9933.patch: check for invalid colors in
src/gd.c.
- CVE-2016-9933
-- Marc Deslauriers <email address hidden> Tue, 28 Feb 2017 10:29:32 -0500
|
Source diff to previous version |
CVE-2016-1016 |
Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 o |
CVE-2016-6906 |
OOB reads of the TGA decompression buffer |
CVE-2016-6912 |
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecifi |
CVE-2016-9317 |
The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via |
CVE-2016-9933 |
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP befor |
|
libgd2 (2.1.1-4ubuntu0.16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: denial of service via invalid read in
gdImageCreateFromTiffPtr()
- debian/patches/CVE-2016-6911.patch: check out of bounds reads in
src/gd_io_dp.c, check return code in src/gd_tiff.c.
- CVE-2016-6911
* SECURITY UPDATE: denial of service and possible code execution via
integer overflow in gdImageWebpCtx
- debian/patches/CVE-2015-7568.patch: check for overflow in
src/gd_webp.c.
- CVE-2016-7568
* SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
- debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
signed to unsigned conversion in src/gd_io_dp.c.
- CVE-2016-8670
-- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 14:16:31 +0200
|
Source diff to previous version |
CVE-2016-6911 |
invalid read in gdImageCreateFromTiffPtr() |
CVE-2015-7568 |
RESERVED |
CVE-2016-7568 |
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, all |
CVE-2016-8670 |
Stack Buffer Overflow in GD dynamicGetbuf |
|
libgd2 (2.1.1-4ubuntu0.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: out of bounds read in TGA file parsing
- debian/patches/CVE-2016-6132.patch: properly validate image data in
src/gd_tga.c.
- CVE-2016-6132
* SECURITY UPDATE: OOB or OOM in gdImageScale
- debian/patches/CVE-2016-6207.patch: check for overflows, use floats,
and check return codes in src/gd.c, src/gd_interpolation.c.
- CVE-2016-6207
* SECURITY UPDATE: out-of-bounds read issue with unsupported TGA
bpp/alphabit combinations
- debian/patches/CVE-2016-6214.patch: improve checks in src/gd_tga.c.
- CVE-2016-6214
-- Marc Deslauriers <email address hidden> Tue, 09 Aug 2016 09:38:28 -0400
|
Source diff to previous version |
|
libgd2 (2.1.1-4ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: stack overflow with large names
- debian/patches/CVE-2016-5116.patch: properly handle names in
src/gd_xbm.c.
- CVE-2016-5116
* SECURITY UPDATE: integer overflow in _gd2GetHeader()
- debian/patches/CVE-2016-5766.patch: check for overflow in
src/gd_gd2.c.
- CVE-2016-5766
* SECURITY UPDATE: denial of service via invalid color index
- debian/patches/CVE-2016-6128.patch: check color index in
src/gd_crop.c, added test to tests/CMakeLists.txt, tests/Makefile.am,
tests/gdimagecrop/php_bug_72494.c.
- CVE-2016-6128
* SECURITY UPDATE: out of bounds read of masks array
- debian/patches/CVE-2016-6161.patch: properly handle EOF marker in
src/gd_gif_out.c.
- CVE-2016-6161
-- Marc Deslauriers <email address hidden> Fri, 08 Jul 2016 14:22:56 -0400
|
Source diff to previous version |
CVE-2016-5116 |
xbm: avoid stack overflow (read) with large names |
CVE-2016-5766 |
Integer Overflow in _gd2GetHeader() resulting in heap overflow |
CVE-2016-6128 |
Invalid color index is not properly handled leading to denial of service |
|
libgd2 (2.1.1-4ubuntu0.16.04.1) xenial-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted imagefilltoborder call
- debian/patches/CVE-2015-8874.patch: add limits to src/gd.c.
- CVE-2015-8874
* SECURITY UPDATE: denial of service via memleak in gdImageScaleTwoPass
- debian/patches/CVE-2015-8877.patch: use gdImageDestroy in
src/gd_interpolation.c.
- CVE-2015-8877
* SECURITY UPDATE: denial of service and possible code execution via
crafted compressed gd2 data
- debian/patches/CVE-2016-3074.patch: perform range checking in
src/gd_gd2.c.
- CVE-2016-3074
-- Marc Deslauriers <email address hidden> Thu, 26 May 2016 09:22:19 -0400
|
CVE-2015-8874 |
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. |
CVE-2015-8877 |
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses incons |
CVE-2016-3074 |
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potential |
|
About
-
Send Feedback to @ubuntu_updates