Advisories ยป MGASA-2017-0086

Updated libwmf packages fix security vulnerability

Publication date: 25 Mar 2017
Modification date: 25 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9317 , CVE-2016-10167 , CVE-2016-10168

Description

The gdImageCreate function in the GD Graphics Library (aka libgd) before
2.2.4 allows remote attackers to cause a denial of service (system hang)
via an oversized image. (CVE-2016-9317)

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics
Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial
of service (application crash) via a crafted image file. (CVE-2016-10167)

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before
2.2.4 allows remote attackers to have unspecified impact via vectors
involving the number of horizontal and vertical chunks in an image.
(CVE-2016-10168)
                

References

SRPMS

5/core