Bug 1418984 (CVE-2016-10167)

Summary: CVE-2016-10167 gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: caolanm, databases-maint, djez, dmcphers, fedora, ffutigam, hhorak, jialiu, jmlich83, jokerman, jorton, lmeyer, mmccomas, rcollet, slawomir, webstack-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20160816,reported=20170126,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,rhel-5/gd=wontfix,rhel-6/gd=wontfix,rhel-7/gd=wontfix,rhel-5/php=wontfix,rhel-5/php53=wontfix,rhel-6/php=wontfix,rhel-7/php=affected,rhel-5/libwmf=wontfix,rhel-6/libwmf=wontfix,rhel-7/libwmf=wontfix,rhscl-3/rh-php56-php=wontfix,rhscl-3/rh-php70-php=affected,fedora-all/php=affected,fedora-all/gd=notaffected,fedora-all/libwmf=affected,rhscl-3/rh-php71-php=notaffected
Fixed In Version: gd 2.2.4, php 5.6.30, php 7.0.15, php 7.1.1 Doc Type: If docs needed, set a value
Doc Text:
A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:07:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1418991, 1418992, 1497888, 1497889, 1554540, 1563119    
Bug Blocks: 1417990    

Description Adam Mariš 2017-02-03 11:07:05 UTC
Possible DoS vulnerability in gdImageCreateFromGd2Ctx() was found.

Upstream patch:

https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f

PHP bug:

https://bugs.php.net/bug.php?id=73868

CVE assignment:

http://www.openwall.com/lists/oss-security/2017/01/28/6

Comment 1 Adam Mariš 2017-02-03 11:33:07 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1418991]

Comment 2 Adam Mariš 2017-02-03 11:33:22 UTC
Created libwmf tracking bugs for this issue:

Affects: fedora-all [bug 1418992]

Comment 5 errata-xmlrpc 2017-11-15 05:01:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:3221 https://access.redhat.com/errata/RHSA-2017:3221

Comment 11 errata-xmlrpc 2018-05-03 05:05:58 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS

Via RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296