Cloud Foundry Logo
blog single gear
Blog
Security Advisory

USN-3213-1: GD library vulnerabilities

by: March 31, 2017

USN-3213-1: GD library vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-10166)

It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service. (CVE-2016-10167)

It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-10168)

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. (CVE-2016-6906)

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed WebP images. If a user or automated system were tricked into processing a specially crafted WebP image, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-6912)

It was discovered that the GD library incorrectly handled creating oversized images. If a user or automated system were tricked into creating a specially crafted image, an attacker could cause a denial of service. (CVE-2016-9317)

It was discovered that the GD library incorrectly handled filling certain images. If a user or automated system were tricked into filling an image, an attacker could cause a denial of service. (CVE-2016-9933)

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs2 prior to 1.105.0.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 versions 1.105.0 or later.

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

CVE-2016-4450 Nginx Vulnerabilities
Security Advisory

CVE-2016-4450 Nginx Vulnerabilities

by Cloud Foundry Foundation Security Team July 13, 2016
USN-5136-1: Linux kernel vulnerabilities
Security Advisory

USN-5136-1: Linux kernel vulnerabilities

by Cloud Foundry Foundation Security Team January 20, 2022
CVE-2017-4991: UAA password reset vulnerability
Security Advisory

CVE-2017-4991: UAA password reset vulnerability

by Cloud Foundry Foundation Security Team May 16, 2017
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept