Bug 1352544 (CVE-2016-6132)

Summary: CVE-2016-6132 gd: Buffer over-read issue when parsing crafted TGA file
Product: [Other] Security Response
Component: vulnerability
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-06 04:44:00 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Reporter: Adam Mariš <amaris>
Assignee: Red Hat Product Security <security-response-team>
QA Contact:
Docs Contact:
CC: abhgupta, anemec, caolanm, dmcphers, fedora, hhorak, jialiu, jmlich83, jokerman, jorton, kseifried, lmeyer, mmccomas, mskalick, rcollet, slawomir, tiwillia, varekova, webstack-team
Keywords: Security
Bug Depends On: 1352548
Bug Blocks: 1352552

Description Adam Mariš 2016-07-04 10:05:48 UTC
An out-of-bounds heap read vulnerability was found in the latest revision of libgd (a6a0e7f) when parsing a specially crafted TARGA file.

Upstream bug:

https://github.com/libgd/libgd/issues/247

CVE assignment:

http://seclists.org/oss-sec/2016/q2/636
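The flaw class named in the description (a heap over-read while decoding a TGA file whose header declares more data than the file holds) is illustrated below with an added example. This is editor-written code, not libgd's gd_tga.c and not the reporter's test case: the header layout follows the public TGA 1.0 format, the struct and function names (tga_validate, tga_pixel_sum) are ours, and the two byte arrays are constructed samples, not the crafted file from the upstream report. The validator checks every region the header declares (image ID, colour map, pixel data) against the buffer length before any pixel byte is touched, which is the check a decoder needs so that a crafted header cannot drive reads past the end of the allocation.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TGA_HEADER_LEN 18

/* TGA 1.0 header fields, in file order (little-endian 16-bit values). */
struct tga_header {
    uint8_t  id_len, colormap_type, image_type;
    uint16_t cmap_first, cmap_len;
    uint8_t  cmap_entry_bits;
    uint16_t x_origin, y_origin, width, height;
    uint8_t  bpp, descriptor;
};

static uint16_t le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Parse the 18-byte header and check that every region it declares
 * (image ID, colour map, pixel data) lies inside the caller's buffer.
 * Returns 1 and fills *h and *pixel_off on success, 0 on any defect.
 * Only uncompressed true-colour (type 2) and greyscale (type 3) are
 * accepted; RLE types are rejected rather than decoded here. */
int tga_validate(const uint8_t *buf, size_t len,
                 struct tga_header *h, size_t *pixel_off)
{
    struct tga_header t;
    if (len < TGA_HEADER_LEN)
        return 0;
    t.id_len = buf[0]; t.colormap_type = buf[1]; t.image_type = buf[2];
    t.cmap_first = le16(buf + 3); t.cmap_len = le16(buf + 5);
    t.cmap_entry_bits = buf[7];
    t.x_origin = le16(buf + 8); t.y_origin = le16(buf + 10);
    t.width = le16(buf + 12); t.height = le16(buf + 14);
    t.bpp = buf[16]; t.descriptor = buf[17];

    if (t.image_type != 2 && t.image_type != 3)
        return 0;
    if (t.bpp != 8 && t.bpp != 16 && t.bpp != 24 && t.bpp != 32)
        return 0;
    if (t.width == 0 || t.height == 0)
        return 0;

    /* Regions in file order. All dimensions are 16-bit, so these
     * products cannot overflow a 64-bit accumulator; compare each
     * against len instead of trusting the header. */
    uint64_t off = TGA_HEADER_LEN + (uint64_t)t.id_len;
    if (t.colormap_type == 1)
        off += (uint64_t)t.cmap_len * ((t.cmap_entry_bits + 7) / 8);
    else if (t.colormap_type != 0)
        return 0;
    uint64_t pixel_bytes = (uint64_t)t.width * t.height * (t.bpp / 8);
    if (off > len || pixel_bytes > len - off)
        return 0;               /* header claims more data than we hold */

    if (h) *h = t;
    if (pixel_off) *pixel_off = (size_t)off;
    return 1;
}

/* Sum of every pixel byte, standing in for "decode the image".
 * Returns -1 instead of reading past the buffer on a crafted header. */
long tga_pixel_sum(const uint8_t *buf, size_t len)
{
    struct tga_header h;
    size_t off;
    if (!tga_validate(buf, len, &h, &off))
        return -1;
    size_t n = (size_t)h.width * h.height * (h.bpp / 8);
    long sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += buf[off + i];    /* in bounds: validated above */
    return sum;
}

/* Constructed sample (not from the upstream report): 2x2, 24 bpp,
 * uncompressed true-colour, no image ID, 12 bytes of BGR pixels. */
const uint8_t tga_good[] = {
    0, 0, 2,  0,0, 0,0, 0,  0,0, 0,0,  2,0, 2,0,  24, 0,
    0xff,0x00,0x00, 0x00,0xff,0x00, 0x00,0x00,0xff, 0x10,0x20,0x30
};
/* Same 12 pixel bytes, but the header now claims 1000x1000 pixels. */
const uint8_t tga_bad[] = {
    0, 0, 2,  0,0, 0,0, 0,  0,0, 0,0,  0xe8,0x03, 0xe8,0x03,  24, 0,
    0xff,0x00,0x00, 0x00,0xff,0x00, 0x00,0x00,0xff, 0x10,0x20,0x30
};

int main(void)
{
    printf("good: sum=%ld\n", tga_pixel_sum(tga_good, sizeof tga_good));
    printf("bad:  sum=%ld\n", tga_pixel_sum(tga_bad, sizeof tga_bad));
    return 0;
}
```

The second sample is the shape of input that defeats a decoder which sizes its read loop from width, height and bpp alone: the loop would walk 3,000,000 bytes past a 12-byte pixel area. Validating the declared regions against the real buffer length, with the arithmetic done in a width that cannot wrap, is what turns that into a clean rejection.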

Comment 1 Adam Mariš 2016-07-04 10:09:25 UTC
Created gd tracking bugs for this issue:

Affects: fedora-all [bug 1352548]

Comment 2 Doran Moppert 2016-07-06 04:43:20 UTC
gd releases prior to 2.1 did not include .TGA format support and so are not affected by this flaw.

This includes the RHEL 5, 6 and 7 and OpenShift packages.

Note that the git repository's tag history is misleading in this respect - examine SRPMs to verify.

Comment 3 Doran Moppert 2016-07-07 02:12:15 UTC
Confirmed that packages embedding gd, including RHSCL variants, are not affected, for the same reason as rhel-*/gd.