gd : CVE-2016-10167, CVE-2016-10168 - meta-openembedded-contrib - OpenEmbedded layers collection contribution trees

diff options

author	Catalin Enache <catalin.enache@windriver.com>	2017-04-07 13:10:53 +0300
committer	Martin Jansa <Martin.Jansa@gmail.com>	2017-04-18 14:21:39 +0200
commit	f66465d4d52a7a0df208a0701e3cb034e9c47bd3 (patch)
tree	c686eb28c0386b941dadccf5b28099ad8ee01059 /meta-python
parent	dcd6d5b2405e0be18694696dfb0221fc59e6d107 (diff)
download	meta-openembedded-contrib-f66465d4d52a7a0df208a0701e3cb034e9c47bd3.tar.gz

gd : CVE-2016-10167, CVE-2016-10168

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10167 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10168 Upstream patches: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

Diffstat (limited to 'meta-python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: