LibGD security advisory [18 January 2017]

Summary

The LibGD project released advisories on January 18th, 2017, July 22nd, 2016 and June 25th, 2016 describing 12 vulnerabilities, as listed below:

* gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)

* Double-free in gdImageWebPtr() (CVE-2016-6912)

* Potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)

* DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)

* Signed integer overflow in gd_io.c (CVE-2016-10168)

* Integer overflow in _gd2GetHeader (CVE-2016-5766)

* Out-of-bounds read in the parsing of TGA files (CVE-2016-6132)

* Buffer over-read issue when parsing a crafted TGA file (CVE-2016-6214)

* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)

* Invalid color index not handled, can lead to crash (CVE-2016-6128)

* Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (CVE-2016-5767)

* Stack overflow with gdImageFillToBorder (CVE-2015-8874, CVE-2016-9933)

Impact Detail

More detailed description added, as suggested per FortiCare 2312653.

Affected Products

FortiOS version 5.4.4 and below
FortiAnalyzer version 5.4.2 and below

Solutions

FortiOS: Upgrade to firmware version 5.4.5 or 5.6.0

FortiAnalyzer: Upgrade to firmware version 5.4.3