[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability



======================================================================



                    Secunia Research 03/08/2016



           LibGD "_gdContributionsAlloc()" Integer Overflow 

	              Denial of Service Vulnerability



======================================================================

Table of Contents



Affected Software....................................................1

Severity.............................................................2

Description of Vulnerabilities.......................................3

Solution.............................................................4

Time Table...........................................................5

Credits..............................................................6

References...........................................................7

About Secunia........................................................8

Verification.........................................................9



======================================================================

1) Affected Software



* LibGD version 2.2.2.

  Prior versions may also be affected.



======================================================================

2) Severity



Rating: Moderately critical

Impact: Denial of Service

Where:  From remote



======================================================================

3) Description of Vulnerabilities



Secunia Research has discovered a vulnerability in LibGD, which can

be exploited by malicious people to cause a DoS (Denial of Service).



The vulnerability is caused due to an integer overflow error within

the "_gdContributionsAlloc()" function (gd_interpolation.c) 

and can be exploited to cause an out-of-bounds memory write access 

or exhaust available memory.



======================================================================

4) Solution



Update to version 2.2.3.



======================================================================

5) Time Table



03/07/2016 - Initial contact with vendor.

03/07/2016 - Vendor responds and confirms the issue and sends a patch.

07/07/2016 - Replied to the vendor the patch is incomplete.

13/07/2016 - CVE requested from Mitre.

13/07/2016 - Mitre assigns CVE-2016-6207 for the issue.

19/07/2016 - Vendor patches the issue in the source code repository.

19/07/2016 - Release of Secunia Advisory SA71416

22/07/2016 - Vendor releases fixed version 2.2.3.

03/08/2016 - Public disclosure of Research Advisory.



======================================================================

6) Credits



Discovered by Kasper Leigh Haabb, Secunia Research at Flexera

Software.



======================================================================

7) References



The Common Vulnerabilities and Exposures (CVE) project has assigned

the CVE-2016-6207 identifier for the vulnerability.



======================================================================

8) About Secunia (now part of Flexera Software)



In September 2015, Secunia has been acquired by Flexera Software:



https://secunia.com/blog/435/



Secunia offers vulnerability management solutions to corporate

customers with verified and reliable vulnerability intelligence

relevant to their specific system configuration:



http://secunia.com/products/



Secunia also provides a publicly accessible and comprehensive advisory

database as a service to the security community and private 

individuals, who are interested in or concerned about IT-security.



http://secunia.com/advisories/



Secunia believes that it is important to support the community and to

do active vulnerability research in order to aid improving the 

security and reliability of software in general:



http://secunia.com/secunia_research/



Secunia regularly hires new skilled team members. Check the URL below

to see currently vacant positions:



http://secunia.com/company/jobs/



======================================================================

9) Verification



Please verify this advisory by visiting the Secunia website:

http://secunia.com/secunia_research/2016-9/



Complete list of vulnerability reports published by Secunia Research:

http://secunia.com/secunia_research/



======================================================================