An out-of-bounds read vulnerability in gd was found when encoding GIF from malformed input with the gd2togif utility.

Upstream bug: https://github.com/libgd/libgd/issues/209

Upstream patch: https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842

CVE assignment: http://seclists.org/oss-sec/2016/q3/14
Created gd tracking bugs for this issue: Affects: fedora-23 [bug 1353551]
CVSSv3 score adjusted based on the following reasoning:

- the flaw makes it possible for a crafted .gd2 file to read arbitrary amounts of memory when converted to .gif
- the library is often exposed (in php) to web services that process untrusted images
- such services often restrict the file types they accept, and gd2 is normally not whitelisted
- libgd uses gd2 as an intermediate format for conversions, so the code can still be reached
- in this case, exploitation relies on chaining another vulnerability that allows (semi-controlled) the attacker to trigger creation of an incorrect intermediate .gd2 image

This lies between AC:L and AC:H; I think the overall score fairly well represents the risk exposure.
Created php tracking bugs for this issue: Affects: fedora-all [bug 1354710]
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.