{"id":"MGASA-2017-0055","summary":"Updated libgd packages fix security vulnerability","details":"OOB reads of the TGA decompression buffer (CVE-2016-6906).\n\nDouble-free in gdImageWebPtr() (CVE-2016-6912).\n\ngdImageCreate() doesn't check for oversized images and as such is prone to\nDoS vulnerabilities (CVE-2016-9317).\n\nPotential unsigned underflow in gd_interpolation.c (CVE-2016-10166).\n\nDOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167).\n\nSigned Integer Overflow gd_io.c (CVE-2016-10168).\n","modified":"2026-02-01T11:07:41.721759Z","published":"2017-02-20T13:00:19Z","related":["CVE-2016-10166","CVE-2016-10167","CVE-2016-10168","CVE-2016-6912","CVE-2016-9317"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0055.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20171"},{"type":"REPORT","url":"https://github.com/libgd/libgd/releases/tag/gd-2.2.4"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2017/01/26/1"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2017/01/28/6"},{"type":"REPORT","url":"https://www.debian.org/security/2017/dsa-3777"}],"affected":[{"package":{"name":"libgd","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libgd?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.4-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0055.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}