Main Vulnerability Database SB2016052307

SB2016052307 - Improper input validation in gd (Alpine package)

Published: May 23, 2016

Security Bulletin ID SB2016052307

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2016-10167)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing images in gdImageCreateFromGd2Ctx() function in gd_gd2.c. A remote attacker can supply a malformed image and crash the application, using the affected library.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=1b8dc16a8d83cea1a0638ca75a327f234049e6fd
https://git.alpinelinux.org/aports/commit/?id=08114de6e0da35db211984405c8d9043e426ea58
https://git.alpinelinux.org/aports/commit/?id=87a5a2c48f6c4e068c31ba4ba9665d05a4a88682