Bug 1417977 (CVE-2016-6912)

Summary: CVE-2016-6912 gd, php: Double free in gdImageWebpPtr()
Product: [Other] Security Response
Reporter: Adam Mariš <amaris>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: abhgupta, caolanm, carl_song, databases-maint, dmcphers, fedora, hhorak, huzaifas, jialiu, jmlich83, jokerman, jorton, kseifried, lmeyer, mmccomas, mskalick, rcollet, sardella, security-response-team, tiwillia, trepik, varekova, webstack-team, wmealing
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-29 03:59:02 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1418991, 1418992
Bug Blocks: 1417990

Description Adam Mariš 2017-01-31 14:23:27 UTC
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

Upstream patch:

https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2

Comment 1 Adam Mariš 2017-02-03 11:31:59 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1418991]

Comment 2 Adam Mariš 2017-02-03 11:32:14 UTC
Created libwmf tracking bugs for this issue:

Affects: fedora-all [bug 1418992]

Comment 3 Carl Song 2017-06-13 18:18:29 UTC
Will the fix for Fedora port to Red Hat soon?

Comment 4 Wade Mealing 2017-06-14 01:28:12 UTC
Redirecting flag to correct reporter.

Comment 5 Huzaifa S. Sidhpurwala 2017-06-19 08:17:02 UTC
(In reply to Carl Song from comment #3)
> Will the fix for Fedora port to Red Hat soon?

Please contact Red Hat support staff for questions regarding updates for Red Hat products.

Comment 6 Huzaifa S. Sidhpurwala 2018-04-01 02:48:15 UTC
Analysis:

This issue does not affect the versions of php or libgd shipped with any version of Red Hat Enterprise Linux, since the affected code is not shipped with these packages.

In the version of php shipped with Red Hat Enterprise Linux 7, the code exists in the source code but is not compiled because php is not compiled with libvpx.