Cloud Foundry Logo
blog single gear
Blog
Security Advisory

USN-3213-1: GD library vulnerabilities

by: March 31, 2017

USN-3213-1: GD library vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-10166)

It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service. (CVE-2016-10167)

It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-10168)

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. (CVE-2016-6906)

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-6912)

It was discovered that the GD library incorrectly handled creating oversized images. If a user or automated system were tricked into creating a specially crafted image, an attacker could cause a denial of service. (CVE-2016-9317)

It was discovered that the GD library incorrectly handled filling certain images. If a user or automated system were tricked into filling an image, an attacker could cause a denial of service. (CVE-2016-9933)

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs2 prior to 1.105.0.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 versions 1.105.0 or later.

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-3085-1 GDK-PixBuf vulnerabilities
Security Advisory

USN-3085-1 GDK-PixBuf vulnerabilities

by Cloud Foundry Foundation Security Team September 28, 2016
CVE-2014-6271 and CVE-2014-7169 – ShellShock
Security Advisory

CVE-2014-6271 and CVE-2014-7169 – ShellShock

by Cloud Foundry Foundation Security Team September 25, 2014
USN-4019-1: SQLite vulnerabilities
Security Advisory

USN-4019-1: SQLite vulnerabilities

by Cloud Foundry Foundation Security Team July 10, 2019
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept