BugTraq
Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability Aug 03 2016 05:36PM
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 03/08/2016

LibGD "_gdContributionsAlloc()" Integer Overflow

Denial of Service Vulnerability

======================================================================

Table of Contents

Affected Software....................................................1

Severity.............................................................2

Description of Vulnerabilities.......................................3

Solution.............................................................4

Time Table...........................................................5

Credits..............................................................6

References...........................................................7

About Secunia........................................................8

Verification.........................................................9

======================================================================

1) Affected Software

* LibGD version 2.2.2.

Prior versions may also be affected.

======================================================================

2) Severity

Rating: Moderately critical

Impact: Denial of Service

Where: From remote

======================================================================

3) Description of Vulnerabilities

Secunia Research has discovered a vulnerability in LibGD, which can

be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an integer overflow error within

the "_gdContributionsAlloc()" function (gd_interpolation.c)

and can be exploited to cause an out-of-bounds memory write access

or exhaust available memory.

======================================================================

4) Solution

Update to version 2.2.3.

======================================================================

5) Time Table

03/07/2016 - Initial contact with vendor.

03/07/2016 - Vendor responds and confirms the issue and sends a patch.

07/07/2016 - Replied to the vendor the patch is incomplete.

13/07/2016 - CVE requested from Mitre.

13/07/2016 - Mitre assigns CVE-2016-6207 for the issue.

19/07/2016 - Vendor patches the issue in the source code repository.

19/07/2016 - Release of Secunia Advisory SA71416

22/07/2016 - Vendor releases fixed version 2.2.3.

03/08/2016 - Public disclosure of Research Advisory.

======================================================================

6) Credits

Discovered by Kasper Leigh Haabb, Secunia Research at Flexera

Software.

======================================================================

7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned

the CVE-2016-6207 identifier for the vulnerability.

======================================================================

8) About Secunia (now part of Flexera Software)

In September 2015, Secunia has been acquired by Flexera Software:

https://secunia.com/blog/435/

Secunia offers vulnerability management solutions to corporate

customers with verified and reliable vulnerability intelligence

relevant to their specific system configuration:

http://secunia.com/products/

Secunia also provides a publicly accessible and comprehensive advisory

database as a service to the security community and private

individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to

do active vulnerability research in order to aid improving the

security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below

to see currently vacant positions:

http://secunia.com/company/jobs/

======================================================================

9) Verification

Please verify this advisory by visiting the Secunia website:

http://secunia.com/secunia_research/2016-9/

Complete list of vulnerability reports published by Secunia Research:

http://secunia.com/secunia_research/

======================================================================

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus