Bug 1417977 (CVE-2016-6912) - CVE-2016-6912 gd, php: Double free in gdImageWebpPtr()
Summary: CVE-2016-6912 gd, php: Double free in gdImageWebpPtr()
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2016-6912
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1418991 1418992
Blocks: 1417990
TreeView+ depends on / blocked
 
Reported: 2017-01-31 14:23 UTC by Adam Mariš
Modified: 2019-09-29 14:05 UTC (History)
24 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-29 03:59:02 UTC


Attachments (Terms of Use)

Description Adam Mariš 2017-01-31 14:23:27 UTC
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

Upstream patch:

https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2

Comment 1 Adam Mariš 2017-02-03 11:31:59 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1418991]

Comment 2 Adam Mariš 2017-02-03 11:32:14 UTC
Created libwmf tracking bugs for this issue:

Affects: fedora-all [bug 1418992]

Comment 3 Carl Song 2017-06-13 18:18:29 UTC
Will the fix for Fedora port to Red Hat soon?

Comment 4 Wade Mealing 2017-06-14 01:28:12 UTC
Redirecting flag to correct reporter.

Comment 5 Huzaifa S. Sidhpurwala 2017-06-19 08:17:02 UTC
(In reply to Carl Song from comment #3)
> Will the fix for Fedora port to Red Hat soon?

Please contact Red Hat support staff for questions regarding updates for Red Hat products.

Comment 6 Huzaifa S. Sidhpurwala 2018-04-01 02:48:15 UTC
Analysis:

This issue does not affect the version of php or libgd shipped with any versions of Red Hat Enterprise Linux since the affected code is not shipped with these packages.

In the version of php shipped with Red Hat Enterprise Linux 7, the code exists in the source code but is not compiled because php is not compiled with libvpx.


Note You need to log in before you can comment on or make changes to this bug.