Updated libgd packages fixe security vulnerabilities
Publication date: 22 Dec 2016Modification date: 22 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-6911 , CVE-2016-8670
Description
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service (CVE-2016-6911). Emmanuel Law discovered that the GD library incorrectly handled certain strings when creating images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code (CVE-2016-8670).
References
SRPMS
5/core
- libgd-2.2.3-1.4.mga5