Bug 1435313 (CVE-2016-6906)

Summary: CVE-2016-6906 gd: Out-of-bounds read in read_image_tga function
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abhgupta, caolanm, databases-maint, fedora, hhorak, jmlich83, jorton, kseifried, mskalick, rcollet, tiwillia, trepik, varekova, webstack-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: gd 2.2.4 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-29 04:07:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1435317    
Bug Blocks: 1417990    

Description Andrej Nemec 2017-03-23 14:18:55 UTC 
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.

Upstream patches:

https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558
https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415

References:

https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md
Comment 1 Andrej Nemec 2017-03-23 14:22:49 UTC 
Created libwmf tracking bugs for this issue:

Affects: fedora-all [bug 1435317]
Comment 2 Andrej Nemec 2017-03-23 14:23:00 UTC 
Created libwmf tracking bugs for this issue:

Affects: fedora-all [bug 1435317]