oss-sec mailing list archives
Re: CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf
From: cve-assign () mitre org
Date: Sat, 15 Oct 2016 12:49:12 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On the PHP bug tracker Emmanuel Law reported a flaw in the libgd library in dynamicGetbuf. The PHP bug report is at (cannot quote the full report for the list archive, sinc a bit long): https://bugs.php.net/bug.php?id=73280 It has been reported upstream apparently (not via the issue tracker) and fixed in upstream as with commit: https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
Use CVE-2016-8670. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYAls+AAoJEHb/MwWLVhi2Yd4QALCxw5Y5ssKyrdOrL/zMqkyM Z7f28GAeF9mBXlsCONMOUKEqlMust0szGm/qWpBq9BV4OzPK5LRgqtNMhW0u0Z2M ZjJ0oJNC6XygJoM55fv2c7Ehd+ej1+wP+iSk8sow8i0y1IN34hPcMFA6Yk0jLcZa HBgPrIG3S6o2I4SL7mW5MTyWk0YefskJ+bgsPRMf9aDAHyPfq1UTInNAyyhXaygV 9c2J6Tn2cLhZWk1E8vIzm3jeWsP1N19DOlqW3jcQqgifPV2Xtsjet+pIH5wHy+Zw sNp7pAD3gkCnjyQHacvDEx16HDgNN0MLPIyW2zk5m8+cgwclC2/wybsoOX1zhB53 hFSmpU0NueGhbKm64lIg7H/nE5Tvpo+C5KHzNmJulXgU9HddAwWQJOgPVVxaape4 ZvlerrSGWGS65nv6S19AcJYdVRZRCle35bezUzzXA7/45WvGXUqxpyDT2M0EU3US TKc6f5HlnY6LSUKdKsvTUO1LPwsZ4hKXbdRthaIVpOEvtt03mAa58skKjtedR/29 UJ0TmKc2/l7vVqmPk/6VWXHMXJnNKMUTBoa9N8os2PBib2iPV4Dt686IVgWEwg5x i3aUovCSC5MFH9xWxpHG5HUHrhelz2WjNPwCwgyR0XNY9NaMpYC8zrh/3kkFF0uc q0yGUgrVc+MlwVg9GxOX =j63U -----END PGP SIGNATURE-----
Current thread:
- CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf Salvatore Bonaccorso (Oct 14)
- Re: CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf cve-assign (Oct 15)