diff options
author | Catalin Enache <catalin.enache@windriver.com> | 2017-04-07 13:10:53 +0300 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2017-04-18 14:21:39 +0200 |
commit | f66465d4d52a7a0df208a0701e3cb034e9c47bd3 (patch) | |
tree | c686eb28c0386b941dadccf5b28099ad8ee01059 /meta-python | |
parent | dcd6d5b2405e0be18694696dfb0221fc59e6d107 (diff) | |
download | meta-openembedded-contrib-f66465d4d52a7a0df208a0701e3cb034e9c47bd3.tar.gz |
gd : CVE-2016-10167, CVE-2016-10168
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics
Library (aka libgd) before 2.2.4 allows remote attackers to cause a
denial of service (application crash) via a crafted image file.
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before
2.2.4 allows remote attackers to have unspecified impact via vectors
involving the number of horizontal and vertical chunks in an image.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10167
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10168
Upstream patches:
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-python')
0 files changed, 0 insertions, 0 deletions