An unsigned integer overflow vulnerability was found in the _gdContributionsAlloc function.
Upstream patch: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
CVE assignment: http://www.openwall.com/lists/oss-security/2017/01/28/6
Created php tracking bugs for this issue: Affects: fedora-all [bug 1418991]
Created libwmf tracking bugs for this issue: Affects: fedora-all [bug 1418992]
Analysis: The code affects the _gdContributionsAlloc() function, which first appeared in gd-2.2.5. Red Hat Enterprise Linux 5, 6 and 7 do not ship with this gd version (or higher) either in an independent package or embedded with PHP, hence they are not affected.
(In reply to Huzaifa S. Sidhpurwala from comment #3)
> The code affects the _gdContributionsAlloc() function, which first appeared
> in gd-2.2.5.
_gdContributionsAlloc() first appeared in gd 2.1.0:
https://github.com/libgd/libgd/commit/423c9393917a9d1233fe163a45a0791da306b109
The problem was actually fixed in gd 2.2.4.
> Red Hat Enterprise Linux 5, 6 and 7 do not ship with this gd version
> (or higher) either in an independent package
Red Hat Enterprise Linux 7 and earlier do not contain the affected code. The gd packages in Red Hat Enterprise Linux 8 are based on upstream version 2.2.5, and hence include this fix.
> or embedded with PHP, hence they are not affected.
While PHP versions did not embed a newer upstream gd version, they did contain many backports of the newer functionality. The vulnerable _gdContributionsAlloc() code was added in PHP 5.5.0:
https://github.com/php/php-src/commit/a7a53d369bfcf3208b445b9aa12aa8a6e114c5fd
I.e. the vulnerable code was added to php and libgd at approximately the same time. However, this problem only got fixed in the gd version bundled in PHP in Jan 2019 in versions 5.6.40, 7.1.26, 7.2.14, and 7.3.1. PHP upstream bug and commit:
https://bugs.php.net/bug.php?id=77269
https://github.com/php/php-src/commit/a918020c03880e12ac9f38e11a4a3789491a5f85
The php:7.2 module packages in Red Hat Enterprise Linux 8 are not affected by this issue even though they are currently based on the upstream version 7.2.11, as they use the fixed system libgd instead of using the bundled gd.
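Added example, not part of the bug comments and not Red Hat or upstream tooling: a triage helper that applies the upstream version ranges given in the comment above to a libgd or PHP version string. The function names are hypothetical. It assumes that PHP branches with no fixed release named in this bug (5.5, 7.0) stay affected, that branches after 7.3 carry the fix, and that the version is an upstream one, since a distribution backport can fix a package without changing its upstream version.

```python
import re

# Upstream version facts as stated in the comment above.
GD_INTRODUCED, GD_FIXED = (2, 1, 0), (2, 2, 4)
PHP_INTRODUCED = (5, 5, 0)
PHP_FIXED = {(5, 6): (5, 6, 40), (7, 1): (7, 1, 26),
             (7, 2): (7, 2, 14), (7, 3): (7, 3, 1)}


def parse_version(text):
    """Return (major, minor, patch) from e.g. '7.2.11' or '2.2.5-1.fc30'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def libgd_affected(gd_version):
    """True if an upstream libgd release contains the unfixed code."""
    return GD_INTRODUCED <= parse_version(gd_version) < GD_FIXED


def php_affected(php_version, system_gd=None):
    """True if an upstream PHP build is exposed to the issue.

    system_gd: version of the system libgd when PHP is built against it
    (the RHEL 8 php:7.2 case above); None means the bundled gd is used.
    """
    if system_gd is not None:
        # The bundled copy is not compiled in; only the system library matters.
        return libgd_affected(system_gd)
    v = parse_version(php_version)
    if v < PHP_INTRODUCED:
        return False              # predates the backported code
    if v[:2] > max(PHP_FIXED):
        return False              # assumption: later branches include the fix
    fixed = PHP_FIXED.get(v[:2])
    # Assumption: a branch with no fixed release listed (5.5, 7.0) is unfixed.
    return fixed is None or v < fixed


if __name__ == "__main__":
    # Constructed sample inputs.
    for php, gd in [("5.4.45", None), ("7.2.11", None), ("7.2.11", "2.2.5")]:
        print(php, gd, php_affected(php, gd))
```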
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Via RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2016-10166
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2019:3299 https://access.redhat.com/errata/RHSA-2019:3299