CVE-2017-6362 - Double Free vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 2 |
OS | | 1 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-63.NASL
description: This update for gd fixes one issue. This security issue was fixed :
- CVE-2017-6362: Prevent double-free in gdImagePngPtr() that potentially allowed for DoS or remote code execution (bsc#1056993).
This update was imported from the SUSE:SLE-12:Update update project.
last seen: 2020-06-05
modified: 2018-01-22
plugin id: 106223
published: 2018-01-22
reporter: This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/106223
title: openSUSE Security Update : gd (openSUSE-2018-63)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2521.NASL
description: According to the versions of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. (CVE-2016-10168)
- Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. (CVE-2017-6362)
- Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. (CVE-2016-3074)
- Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933)
- gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. (CVE-2018-5711)
- The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. (CVE-2016-10167)
- The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. (CVE-2016-6161)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-12-04
plugin id: 131674
published: 2019-12-04
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131674
title: EulerOS 2.0 SP2 : gd (EulerOS-SA-2019-2521)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-B444C3B9C5.NASL
description:
- Related: CVE-2017-6362 remove problematic function
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2018-01-15
plugin id: 105961
published: 2018-01-15
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105961
title: Fedora 27 : libwmf (2017-b444c3b9c5)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2018-120-01.NASL
description: New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 109432
published: 2018-05-01
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/109432
title: Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libwmf (SSA:2018-120-01)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2018-108-01.NASL
description: New gd packages are available for Slackware 14.2 and -current to fix security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 109147
published: 2018-04-19
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/109147
title: Slackware 14.2 / current : gd (SSA:2018-108-01)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-D361DE1A65.NASL
description:
- Related: CVE-2017-6362 remove problematic function
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-09-21
plugin id: 103367
published: 2017-09-21
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/103367
title: Fedora 25 : libwmf (2017-d361de1a65)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-7CC0E6A5F5.NASL
description: **Version 2.2.5** - 2017-08-30
- **Security**
  - Double-free in gdImagePngPtr(). **CVE-2017-6362**
  - Buffer over-read into uninitialized memory. **CVE-2017-7890**
- **Fixed**
  - Fix #109: XBM reading fails with printed error
  - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable
  - Fix #357: 2.2.4: Segfault in test suite
  - Fix #386: gdImageGrayScale() may produce colors
  - Fix #406: webpng -i removes the transparent color
  - Fix Coverity #155475: Failure to restore alphaBlendingFlag
  - Fix Coverity #155476: potential resource leak
  - Fix several build issues and test failures
  - Fix and reenable optimized support for reading 1 bps TIFFs
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-09-05
plugin id: 102937
published: 2017-09-05
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/102937
title: Fedora 26 : gd (2017-7cc0e6a5f5)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-A69B0BB52D.NASL
description: **Version 2.2.5** - 2017-08-30
- **Security**
  - Double-free in gdImagePngPtr(). **CVE-2017-6362**
  - Buffer over-read into uninitialized memory. **CVE-2017-7890**
- **Fixed**
  - Fix #109: XBM reading fails with printed error
  - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable
  - Fix #357: 2.2.4: Segfault in test suite
  - Fix #386: gdImageGrayScale() may produce colors
  - Fix #406: webpng -i removes the transparent color
  - Fix Coverity #155475: Failure to restore alphaBlendingFlag
  - Fix Coverity #155476: potential resource leak
  - Fix several build issues and test failures
  - Fix and reenable optimized support for reading 1 bps TIFFs
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-09-07
plugin id: 102985
published: 2017-09-07
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/102985
title: Fedora 25 : gd (2017-a69b0bb52d)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-0135-1.NASL
description: This update for gd fixes one issue. This security issue was fixed :
- CVE-2017-6362: Prevent double-free in gdImagePngPtr() that potentially allowed for DoS or remote code execution (bsc#1056993).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 106187
published: 2018-01-19
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/106187
title: SUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2018:0135-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-C98C2E8E7A.NASL
description:
- Related: CVE-2017-6362 remove problematic function
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-09-14
plugin id: 103201
published: 2017-09-14
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/103201
title: Fedora 26 : libwmf (2017-c98c2e8e7a)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3961.NASL
description: A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 102928
published: 2017-09-05
reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/102928
title: Debian DSA-3961-1 : libgd2 - security update

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-AC3DD4ECF8.NASL
description: **Version 2.2.5** - 2017-08-30
- **Security**
  - Double-free in gdImagePngPtr(). **CVE-2017-6362**
  - Buffer over-read into uninitialized memory. **CVE-2017-7890**
- **Fixed**
  - Fix #109: XBM reading fails with printed error
  - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable
  - Fix #357: 2.2.4: Segfault in test suite
  - Fix #386: gdImageGrayScale() may produce colors
  - Fix #406: webpng -i removes the transparent color
  - Fix Coverity #155475: Failure to restore alphaBlendingFlag
  - Fix Coverity #155476: potential resource leak
  - Fix several build issues and test failures
  - Fix and reenable optimized support for reading 1 bps TIFFs
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2018-01-15
plugin id: 105952
published: 2018-01-15
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105952
title: Fedora 27 : gd (2017-ac3dd4ecf8)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-3410-1.NASL
description: It was discovered that the GD Graphics Library (aka libgd) incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library to crash, resulting in a denial of service, or possibly execute arbitrary code.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 102975
published: 2017-09-06
reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/102975
title: Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : libgd2 vulnerability (USN-3410-1)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1106.NASL
description: A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed. For Debian 7
last seen: 2020-03-17
modified: 2017-09-25
plugin id: 103428
published: 2017-09-25
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/103428
title: Debian DLA-1106-1 : libgd2 security update

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_A60A2E95ACBA4B11BC32FFB47364E07D.NASL
description: libgd developers report : Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 103480
published: 2017-09-27
reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/103480
title: FreeBSD : libgd -- Denial of servica via double free (a60a2e95-acba-4b11-bc32-ffb47364e07d)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2583.NASL
description: According to the versions of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. (CVE-2016-3074)
- The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. (CVE-2016-6161)
- Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933)
- Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. (CVE-2017-6362)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-12-19
plugin id: 132300
published: 2019-12-19
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132300
title: EulerOS 2.0 SP3 : gd (EulerOS-SA-2019-2583)
References
- http://www.debian.org/security/2017/dsa-3961
- https://github.com/libgd/libgd/issues/381
- https://github.com/libgd/libgd/releases/tag/gd-2.2.5
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2BLXX7KNRE7ZVQAKGTHHWS33CUCXVUP/