Advisories » MGASA-2017-0086

Updated libwmf packages fix security vulnerability

Publication date: 25 Mar 2017
Modification date: 25 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9317 , CVE-2016-10167 , CVE-2016-10168

Description

The gdImageCreate function in the GD Graphics Library (aka libgd) before
2.2.4 allows remote attackers to cause a denial of service (system hang)
via an oversized image. (CVE-2016-9317)

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics
Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial
of service (application crash) via a crafted image file. (CVE-2016-10167)

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before
2.2.4 allows remote attackers to have unspecified impact via vectors
involving the number of horizontal and vertical chunks in an image.
(CVE-2016-10168)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20474
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168

SRPMS

5/core

• libwmf-0.2.8.4-32.4.mga5