CVE-2016-6132 (GCVE-0-2016-6132)
Vulnerability from cvelistv5 – Published: 2016-08-12 15:00 – Updated: 2024-08-06 01:22
Summary
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
Severity ?
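No CVSS data available in the CNA record. The NVD entry embedded in the JSON below assigns a CVSS 3.0 base score of 6.5 (MEDIUM), vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, and a CVSS 2.0 base score of 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P).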
CWE
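- n/a in the CNA record; the NVD entry embedded in the JSON below lists CWE-125 (out-of-bounds read), which matches the summary above.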
Assigner
References
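| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html | vendor-advisory, x_refsource_SUSE |
| https://libgd.github.io/release-2.2.3.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/06/30/6 | mailing-list, x_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html | vendor-advisory, x_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-3060-1 | vendor-advisory, x_refsource_UBUNTU |
| https://github.com/libgd/libgd/issues/247 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201612-09 | vendor-advisory, x_refsource_GENTOO |
| http://www.securityfocus.com/bid/91520 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2016/06/30/10 | mailing-list, x_refsource_MLIST |
| http://www.debian.org/security/2016/dsa-3619 | vendor-advisory, x_refsource_DEBIAN |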
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:2117",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libgd.github.io/release-2.2.3.html"
},
{
"name": "[oss-security] 20160630 CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"
},
{
"name": "openSUSE-SU-2016:2363",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name": "USN-3060-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3060-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgd/libgd/issues/247"
},
{
"name": "GLSA-201612-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-09"
},
{
"name": "91520",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91520"
},
{
"name": "[oss-security] 20160630 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"
},
{
"name": "DSA-3619",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2016:2117",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libgd.github.io/release-2.2.3.html"
},
{
"name": "[oss-security] 20160630 CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"
},
{
"name": "openSUSE-SU-2016:2363",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name": "USN-3060-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3060-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgd/libgd/issues/247"
},
{
"name": "GLSA-201612-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-09"
},
{
"name": "91520",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91520"
},
{
"name": "[oss-security] 20160630 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"
},
{
"name": "DSA-3619",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3619"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2117",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"name": "https://libgd.github.io/release-2.2.3.html",
"refsource": "CONFIRM",
"url": "https://libgd.github.io/release-2.2.3.html"
},
{
"name": "[oss-security] 20160630 CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"
},
{
"name": "openSUSE-SU-2016:2363",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name": "USN-3060-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3060-1"
},
{
"name": "https://github.com/libgd/libgd/issues/247",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/issues/247"
},
{
"name": "GLSA-201612-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-09"
},
{
"name": "91520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91520"
},
{
"name": "[oss-security] 20160630 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"
},
{
"name": "DSA-3619",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3619"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6132",
"datePublished": "2016-08-12T15:00:00",
"dateReserved": "2016-06-30T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-6132\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-08-12T15:59:00.130\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n gdImageCreateFromTgaCtx en GD Graphics Library (tambi\u00e9n conocida como libgd) en versiones anteriores a 2.2.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo TGA manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations
\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.2.2\",\"matchCriteriaId\":\"CABE614C-FFD3-4B02-B5DF-658185F8D874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3619\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/06/30/10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/06/30/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91520\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3060-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/libgd/libgd/issues/247\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://libgd.github.io/release-2.2.3.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201612-09\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3619\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/06/30/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/06/30/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3060-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/libgd/libgd/issues/247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://libgd.github.io/release-2.2.3.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201612-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
OPENSUSE-SU-2024:10062-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
gd-2.2.3-2.1 on GA media
Notes
Title of the patch
gd-2.2.3-2.1 on GA media
Description of the patch
These are all security issues fixed in the gd-2.2.3-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10062
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gd-2.2.3-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gd-2.2.3-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10062",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10062-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-2497 page",
"url": "https://www.suse.com/security/cve/CVE-2014-2497/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5116 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5766 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6128 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6132 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6207 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6214 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6905 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6905/"
}
],
"title": "gd-2.2.3-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10062-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gd-2.2.3-2.1.aarch64",
"product": {
"name": "gd-2.2.3-2.1.aarch64",
"product_id": "gd-2.2.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "gd-devel-2.2.3-2.1.aarch64",
"product": {
"name": "gd-devel-2.2.3-2.1.aarch64",
"product_id": "gd-devel-2.2.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgd3-2.2.3-2.1.aarch64",
"product": {
"name": "libgd3-2.2.3-2.1.aarch64",
"product_id": "libgd3-2.2.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgd3-32bit-2.2.3-2.1.aarch64",
"product": {
"name": "libgd3-32bit-2.2.3-2.1.aarch64",
"product_id": "libgd3-32bit-2.2.3-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-2.2.3-2.1.ppc64le",
"product": {
"name": "gd-2.2.3-2.1.ppc64le",
"product_id": "gd-2.2.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gd-devel-2.2.3-2.1.ppc64le",
"product": {
"name": "gd-devel-2.2.3-2.1.ppc64le",
"product_id": "gd-devel-2.2.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgd3-2.2.3-2.1.ppc64le",
"product": {
"name": "libgd3-2.2.3-2.1.ppc64le",
"product_id": "libgd3-2.2.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgd3-32bit-2.2.3-2.1.ppc64le",
"product": {
"name": "libgd3-32bit-2.2.3-2.1.ppc64le",
"product_id": "libgd3-32bit-2.2.3-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-2.2.3-2.1.s390x",
"product": {
"name": "gd-2.2.3-2.1.s390x",
"product_id": "gd-2.2.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "gd-devel-2.2.3-2.1.s390x",
"product": {
"name": "gd-devel-2.2.3-2.1.s390x",
"product_id": "gd-devel-2.2.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libgd3-2.2.3-2.1.s390x",
"product": {
"name": "libgd3-2.2.3-2.1.s390x",
"product_id": "libgd3-2.2.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libgd3-32bit-2.2.3-2.1.s390x",
"product": {
"name": "libgd3-32bit-2.2.3-2.1.s390x",
"product_id": "libgd3-32bit-2.2.3-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-2.2.3-2.1.x86_64",
"product": {
"name": "gd-2.2.3-2.1.x86_64",
"product_id": "gd-2.2.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "gd-devel-2.2.3-2.1.x86_64",
"product": {
"name": "gd-devel-2.2.3-2.1.x86_64",
"product_id": "gd-devel-2.2.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgd3-2.2.3-2.1.x86_64",
"product": {
"name": "libgd3-2.2.3-2.1.x86_64",
"product_id": "libgd3-2.2.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgd3-32bit-2.2.3-2.1.x86_64",
"product": {
"name": "libgd3-32bit-2.2.3-2.1.x86_64",
"product_id": "libgd3-32bit-2.2.3-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.2.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64"
},
"product_reference": "gd-2.2.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.2.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le"
},
"product_reference": "gd-2.2.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.2.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-2.2.3-2.1.s390x"
},
"product_reference": "gd-2.2.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.2.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64"
},
"product_reference": "gd-2.2.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.2.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64"
},
"product_reference": "gd-devel-2.2.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.2.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le"
},
"product_reference": "gd-devel-2.2.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.2.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x"
},
"product_reference": "gd-devel-2.2.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.2.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64"
},
"product_reference": "gd-devel-2.2.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-2.2.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64"
},
"product_reference": "libgd3-2.2.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-2.2.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le"
},
"product_reference": "libgd3-2.2.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-2.2.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x"
},
"product_reference": "libgd3-2.2.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-2.2.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64"
},
"product_reference": "libgd3-2.2.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-32bit-2.2.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64"
},
"product_reference": "libgd3-32bit-2.2.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-32bit-2.2.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le"
},
"product_reference": "libgd3-32bit-2.2.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-32bit-2.2.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x"
},
"product_reference": "libgd3-32bit-2.2.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-32bit-2.2.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
},
"product_reference": "libgd3-32bit-2.2.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-2497",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-2497"
}
],
"notes": [
{
"category": "general",
"text": "The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-2497",
"url": "https://www.suse.com/security/cve/CVE-2014-2497"
},
{
"category": "external",
"summary": "SUSE Bug 868624 for CVE-2014-2497",
"url": "https://bugzilla.suse.com/868624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-2497"
},
{
"cve": "CVE-2016-5116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5116"
}
],
"notes": [
{
"category": "general",
"text": "gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5116",
"url": "https://www.suse.com/security/cve/CVE-2016-5116"
},
{
"category": "external",
"summary": "SUSE Bug 982176 for CVE-2016-5116",
"url": "https://bugzilla.suse.com/982176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5116"
},
{
"cve": "CVE-2016-5766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5766"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5766",
"url": "https://www.suse.com/security/cve/CVE-2016-5766"
},
{
"category": "external",
"summary": "SUSE Bug 986386 for CVE-2016-5766",
"url": "https://bugzilla.suse.com/986386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5766"
},
{
"cve": "CVE-2016-6128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6128"
}
],
"notes": [
{
"category": "general",
"text": "The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6128",
"url": "https://www.suse.com/security/cve/CVE-2016-6128"
},
{
"category": "external",
"summary": "SUSE Bug 987580 for CVE-2016-6128",
"url": "https://bugzilla.suse.com/987580"
},
{
"category": "external",
"summary": "SUSE Bug 991710 for CVE-2016-6128",
"url": "https://bugzilla.suse.com/991710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-6128"
},
{
"cve": "CVE-2016-6132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6132"
}
],
"notes": [
{
"category": "general",
"text": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6132",
"url": "https://www.suse.com/security/cve/CVE-2016-6132"
},
{
"category": "external",
"summary": "SUSE Bug 987577 for CVE-2016-6132",
"url": "https://bugzilla.suse.com/987577"
},
{
"category": "external",
"summary": "SUSE Bug 991436 for CVE-2016-6132",
"url": "https://bugzilla.suse.com/991436"
},
{
"category": "external",
"summary": "SUSE Bug 995034 for CVE-2016-6132",
"url": "https://bugzilla.suse.com/995034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-6132"
},
{
"cve": "CVE-2016-6207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6207"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6207",
"url": "https://www.suse.com/security/cve/CVE-2016-6207"
},
{
"category": "external",
"summary": "SUSE Bug 991434 for CVE-2016-6207",
"url": "https://bugzilla.suse.com/991434"
},
{
"category": "external",
"summary": "SUSE Bug 991622 for CVE-2016-6207",
"url": "https://bugzilla.suse.com/991622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-6207"
},
{
"cve": "CVE-2016-6214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6214"
}
],
"notes": [
{
"category": "general",
"text": "gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6214",
"url": "https://www.suse.com/security/cve/CVE-2016-6214"
},
{
"category": "external",
"summary": "SUSE Bug 987577 for CVE-2016-6214",
"url": "https://bugzilla.suse.com/987577"
},
{
"category": "external",
"summary": "SUSE Bug 991436 for CVE-2016-6214",
"url": "https://bugzilla.suse.com/991436"
},
{
"category": "external",
"summary": "SUSE Bug 995034 for CVE-2016-6214",
"url": "https://bugzilla.suse.com/995034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-6214"
},
{
"cve": "CVE-2016-6905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6905"
}
],
"notes": [
{
"category": "general",
"text": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6905",
"url": "https://www.suse.com/security/cve/CVE-2016-6905"
},
{
"category": "external",
"summary": "SUSE Bug 995034 for CVE-2016-6905",
"url": "https://bugzilla.suse.com/995034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-2.2.3-2.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.2.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-6905"
}
]
}
GHSA-P2GQ-F8G2-6936
Vulnerability from github – Published: 2022-05-14 02:12 – Updated: 2022-05-14 02:12
Details
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2016-6132"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-08-12T15:59:00Z",
"severity": "MODERATE"
},
"details": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.",
"id": "GHSA-p2gq-f8g2-6936",
"modified": "2022-05-14T02:12:20Z",
"published": "2022-05-14T02:12:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6132"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/issues/247"
},
{
"type": "WEB",
"url": "https://libgd.github.io/release-2.2.3.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201612-09"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3619"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91520"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3060-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CNVD-2016-04484
Vulnerability from cnvd - Published: 2016-07-05
Title
libgd越界读取漏洞
Description
libgd是一个开源的用于动态创建图像的库,它支持创建图表、图形和缩略图等。
libgd未能正确解析TGA文件,远程攻击者可利用该漏洞造成越边界读取。
Severity
中
Patch Name
libgd越界读取漏洞的补丁
Patch Description
libgd是一个开源的用于动态创建图像的库,它支持创建图表、图形和缩略图等。
libgd未能正确解析TGA文件,远程攻击者可利用该漏洞造成越边界读取。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://github.com/libgd/libgd/issues/247
Reference
http://www.openwall.com/lists/oss-security/2016/06/30/10
Impacted products
| Name | Libgd Libgd |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-6132"
}
},
"description": "libgd\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u7528\u4e8e\u52a8\u6001\u521b\u5efa\u56fe\u50cf\u7684\u5e93\uff0c\u5b83\u652f\u6301\u521b\u5efa\u56fe\u8868\u3001\u56fe\u5f62\u548c\u7f29\u7565\u56fe\u7b49\u3002\r\n\r\nlibgd\u672a\u80fd\u6b63\u786e\u89e3\u6790TGA\u6587\u4ef6\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8d8a\u8fb9\u754c\u8bfb\u53d6\u3002",
"discovererName": "unknown",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://github.com/libgd/libgd/issues/247",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-04484",
"openTime": "2016-07-05",
"patchDescription": "libgd\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u7528\u4e8e\u52a8\u6001\u521b\u5efa\u56fe\u50cf\u7684\u5e93\uff0c\u5b83\u652f\u6301\u521b\u5efa\u56fe\u8868\u3001\u56fe\u5f62\u548c\u7f29\u7565\u56fe\u7b49\u3002\r\n\r\nlibgd\u672a\u80fd\u6b63\u786e\u89e3\u6790TGA\u6587\u4ef6\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u8d8a\u8fb9\u754c\u8bfb\u53d6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "libgd\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Libgd Libgd"
},
"referenceLink": "http://www.openwall.com/lists/oss-security/2016/06/30/10",
"serverity": "\u4e2d",
"submitTime": "2016-07-03",
"title": "libgd\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e"
}
FKIE_CVE-2016-6132
Vulnerability from fkie_nvd - Published: 2016-08-12 15:59 - Updated: 2025-04-12 10:46
Summary
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CABE614C-FFD3-4B02-B5DF-658185F8D874",
"versionEndIncluding": "2.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."
},
{
"lang": "es",
"value": "La funci\u00f3n gdImageCreateFromTgaCtx en GD Graphics Library (tambi\u00e9n conocida como libgd) en versiones anteriores a 2.2.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo TGA manipulado."
}
],
"id": "CVE-2016-6132",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-12T15:59:00.130",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3619"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91520"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3060-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libgd/libgd/issues/247"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://libgd.github.io/release-2.2.3.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201612-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3060-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libgd/libgd/issues/247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://libgd.github.io/release-2.2.3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201612-09"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2017-AVI-237
Vulnerability from certfr_avis - Published: 2017-07-27 - Updated: 2017-07-27
De multiples vulnérabilités ont été corrigées dans Fortinet FortiOS et FortiAnalyzer. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 5.6.0",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 5.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 5.4.3",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-8874",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8874"
},
{
"name": "CVE-2016-9933",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9933"
},
{
"name": "CVE-2016-5766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5766"
},
{
"name": "CVE-2016-10166",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10166"
},
{
"name": "CVE-2016-6132",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6132"
},
{
"name": "CVE-2016-6128",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6128"
},
{
"name": "CVE-2016-6207",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6207"
},
{
"name": "CVE-2016-6912",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6912"
},
{
"name": "CVE-2016-10167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10167"
},
{
"name": "CVE-2016-9317",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9317"
},
{
"name": "CVE-2016-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6214"
},
{
"name": "CVE-2016-5767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5767"
},
{
"name": "CVE-2016-10168",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10168"
}
],
"initial_release_date": "2017-07-27T00:00:00",
"last_revision_date": "2017-07-27T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-051 du 26 juillet 2017",
"url": "http://fortiguard.com/psirt/FG-IR-17-051"
}
],
"reference": "CERTFR-2017-AVI-237",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-07-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eFortinet FortiOS et FortiAnalyzer\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Fortinet FortiOS et FortiAnalyzer",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-051 du 26 juillet 2017",
"url": null
}
]
}
SUSE-SU-2016:2303-1
Vulnerability from csaf_suse - Published: 2016-09-14 07:12 - Updated: 2016-09-14 07:12
Summary
Security update for gd
Notes
Title of the patch
Security update for gd
Description of the patch
This update for gd fixes the following issues:
* CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file [bsc#991436]
* CVE-2016-6132: out-of-bounds read was found in the parsing of TGA files using libgd [bsc#987577]
* CVE-2016-6128: Invalid color index not properly handled [bsc#991710]
* CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991622]
* CVE-2016-6161: global out of bounds read when encoding gif from malformed input with gd2togif [bsc#988032]
* CVE-2016-5116: avoid stack overflow (read) with large names [bsc#982176]
* CVE-2016-6905: Out-of-bounds read in function read_image_tga in gd_tga.c [bsc#995034]
Patchnames
SUSE-SLE-DESKTOP-12-SP1-2016-1347,SUSE-SLE-SDK-12-SP1-2016-1347,SUSE-SLE-SERVER-12-SP1-2016-1347,SUSE-SLE-WE-12-SP1-2016-1347
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for gd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for gd fixes the following issues:\n\n * CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file [bsc#991436]\n * CVE-2016-6132: read out-of-bands was found in the parsing of TGA files using libgd [bsc#987577]\n * CVE-2016-6128: Invalid color index not properly handled [bsc#991710]\n * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991622]\n * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032]\n * CVE-2016-5116: avoid stack overflow (read) with large names [bsc#982176]\n * CVE-2016-6905: Out-of-bounds read in function read_image_tga in gd_tga.c [bsc#995034]\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP1-2016-1347,SUSE-SLE-SDK-12-SP1-2016-1347,SUSE-SLE-SERVER-12-SP1-2016-1347,SUSE-SLE-WE-12-SP1-2016-1347",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2303-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2303-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162303-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2303-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-September/002271.html"
},
{
"category": "self",
"summary": "SUSE Bug 982176",
"url": "https://bugzilla.suse.com/982176"
},
{
"category": "self",
"summary": "SUSE Bug 987577",
"url": "https://bugzilla.suse.com/987577"
},
{
"category": "self",
"summary": "SUSE Bug 988032",
"url": "https://bugzilla.suse.com/988032"
},
{
"category": "self",
"summary": "SUSE Bug 991436",
"url": "https://bugzilla.suse.com/991436"
},
{
"category": "self",
"summary": "SUSE Bug 991622",
"url": "https://bugzilla.suse.com/991622"
},
{
"category": "self",
"summary": "SUSE Bug 991710",
"url": "https://bugzilla.suse.com/991710"
},
{
"category": "self",
"summary": "SUSE Bug 995034",
"url": "https://bugzilla.suse.com/995034"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5116 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6128 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6132 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6161 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6207 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6214 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6905 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6905/"
}
],
"title": "Security update for gd",
"tracking": {
"current_release_date": "2016-09-14T07:12:19Z",
"generator": {
"date": "2016-09-14T07:12:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2303-1",
"initial_release_date": "2016-09-14T07:12:19Z",
"revision_history": [
{
"date": "2016-09-14T07:12:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gd-devel-2.1.0-12.1.ppc64le",
"product": {
"name": "gd-devel-2.1.0-12.1.ppc64le",
"product_id": "gd-devel-2.1.0-12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gd-2.1.0-12.1.ppc64le",
"product": {
"name": "gd-2.1.0-12.1.ppc64le",
"product_id": "gd-2.1.0-12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-devel-2.1.0-12.1.s390x",
"product": {
"name": "gd-devel-2.1.0-12.1.s390x",
"product_id": "gd-devel-2.1.0-12.1.s390x"
}
},
{
"category": "product_version",
"name": "gd-2.1.0-12.1.s390x",
"product": {
"name": "gd-2.1.0-12.1.s390x",
"product_id": "gd-2.1.0-12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-2.1.0-12.1.x86_64",
"product": {
"name": "gd-2.1.0-12.1.x86_64",
"product_id": "gd-2.1.0-12.1.x86_64"
}
},
{
"category": "product_version",
"name": "gd-32bit-2.1.0-12.1.x86_64",
"product": {
"name": "gd-32bit-2.1.0-12.1.x86_64",
"product_id": "gd-32bit-2.1.0-12.1.x86_64"
}
},
{
"category": "product_version",
"name": "gd-devel-2.1.0-12.1.x86_64",
"product": {
"name": "gd-devel-2.1.0-12.1.x86_64",
"product_id": "gd-devel-2.1.0-12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP1",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-12.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64"
},
"product_reference": "gd-2.1.0-12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-32bit-2.1.0-12.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
},
"product_reference": "gd-32bit-2.1.0-12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.1.0-12.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le"
},
"product_reference": "gd-devel-2.1.0-12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.1.0-12.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x"
},
"product_reference": "gd-devel-2.1.0-12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.1.0-12.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64"
},
"product_reference": "gd-devel-2.1.0-12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-12.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le"
},
"product_reference": "gd-2.1.0-12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-12.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x"
},
"product_reference": "gd-2.1.0-12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-12.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64"
},
"product_reference": "gd-2.1.0-12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le"
},
"product_reference": "gd-2.1.0-12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-12.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x"
},
"product_reference": "gd-2.1.0-12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64"
},
"product_reference": "gd-2.1.0-12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-32bit-2.1.0-12.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP1",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
},
"product_reference": "gd-32bit-2.1.0-12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5116"
}
],
"notes": [
{
"category": "general",
"text": "gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5116",
"url": "https://www.suse.com/security/cve/CVE-2016-5116"
},
{
"category": "external",
"summary": "SUSE Bug 982176 for CVE-2016-5116",
"url": "https://bugzilla.suse.com/982176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-14T07:12:19Z",
"details": "moderate"
}
],
"title": "CVE-2016-5116"
},
{
"cve": "CVE-2016-6128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6128"
}
],
"notes": [
{
"category": "general",
"text": "The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6128",
"url": "https://www.suse.com/security/cve/CVE-2016-6128"
},
{
"category": "external",
"summary": "SUSE Bug 987580 for CVE-2016-6128",
"url": "https://bugzilla.suse.com/987580"
},
{
"category": "external",
"summary": "SUSE Bug 991710 for CVE-2016-6128",
"url": "https://bugzilla.suse.com/991710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-14T07:12:19Z",
"details": "moderate"
}
],
"title": "CVE-2016-6128"
},
{
"cve": "CVE-2016-6132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6132"
}
],
"notes": [
{
"category": "general",
"text": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6132",
"url": "https://www.suse.com/security/cve/CVE-2016-6132"
},
{
"category": "external",
"summary": "SUSE Bug 987577 for CVE-2016-6132",
"url": "https://bugzilla.suse.com/987577"
},
{
"category": "external",
"summary": "SUSE Bug 991436 for CVE-2016-6132",
"url": "https://bugzilla.suse.com/991436"
},
{
"category": "external",
"summary": "SUSE Bug 995034 for CVE-2016-6132",
"url": "https://bugzilla.suse.com/995034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-14T07:12:19Z",
"details": "moderate"
}
],
"title": "CVE-2016-6132"
},
{
"cve": "CVE-2016-6161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6161"
}
],
"notes": [
{
"category": "general",
"text": "The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6161",
"url": "https://www.suse.com/security/cve/CVE-2016-6161"
},
{
"category": "external",
"summary": "SUSE Bug 988032 for CVE-2016-6161",
"url": "https://bugzilla.suse.com/988032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-14T07:12:19Z",
"details": "low"
}
],
"title": "CVE-2016-6161"
},
{
"cve": "CVE-2016-6207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6207"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6207",
"url": "https://www.suse.com/security/cve/CVE-2016-6207"
},
{
"category": "external",
"summary": "SUSE Bug 991434 for CVE-2016-6207",
"url": "https://bugzilla.suse.com/991434"
},
{
"category": "external",
"summary": "SUSE Bug 991622 for CVE-2016-6207",
"url": "https://bugzilla.suse.com/991622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-14T07:12:19Z",
"details": "moderate"
}
],
"title": "CVE-2016-6207"
},
{
"cve": "CVE-2016-6214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6214"
}
],
"notes": [
{
"category": "general",
"text": "gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6214",
"url": "https://www.suse.com/security/cve/CVE-2016-6214"
},
{
"category": "external",
"summary": "SUSE Bug 987577 for CVE-2016-6214",
"url": "https://bugzilla.suse.com/987577"
},
{
"category": "external",
"summary": "SUSE Bug 991436 for CVE-2016-6214",
"url": "https://bugzilla.suse.com/991436"
},
{
"category": "external",
"summary": "SUSE Bug 995034 for CVE-2016-6214",
"url": "https://bugzilla.suse.com/995034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-14T07:12:19Z",
"details": "moderate"
}
],
"title": "CVE-2016-6214"
},
{
"cve": "CVE-2016-6905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6905"
}
],
"notes": [
{
"category": "general",
"text": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6905",
"url": "https://www.suse.com/security/cve/CVE-2016-6905"
},
{
"category": "external",
"summary": "SUSE Bug 995034 for CVE-2016-6905",
"url": "https://bugzilla.suse.com/995034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-12.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-14T07:12:19Z",
"details": "moderate"
}
],
"title": "CVE-2016-6905"
}
]
}
GSD-2016-6132
Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
Aliases
{
"GSD": {
"alias": "CVE-2016-6132",
"description": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.",
"id": "GSD-2016-6132",
"references": [
"https://www.suse.com/security/cve/CVE-2016-6132.html",
"https://www.debian.org/security/2016/dsa-3619",
"https://ubuntu.com/security/CVE-2016-6132",
"https://advisories.mageia.org/CVE-2016-6132.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-6132"
],
"details": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.",
"id": "GSD-2016-6132",
"modified": "2023-12-13T01:21:22.999451Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2117",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"name": "https://libgd.github.io/release-2.2.3.html",
"refsource": "CONFIRM",
"url": "https://libgd.github.io/release-2.2.3.html"
},
{
"name": "[oss-security] 20160630 CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"
},
{
"name": "openSUSE-SU-2016:2363",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name": "USN-3060-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3060-1"
},
{
"name": "https://github.com/libgd/libgd/issues/247",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/issues/247"
},
{
"name": "GLSA-201612-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-09"
},
{
"name": "91520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91520"
},
{
"name": "[oss-security] 20160630 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"
},
{
"name": "DSA-3619",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3619"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6132"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3619",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3619"
},
{
"name": "[oss-security] 20160630 Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/10"
},
{
"name": "https://libgd.github.io/release-2.2.3.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://libgd.github.io/release-2.2.3.html"
},
{
"name": "[oss-security] 20160630 CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/6"
},
{
"name": "https://github.com/libgd/libgd/issues/247",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/libgd/libgd/issues/247"
},
{
"name": "91520",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91520"
},
{
"name": "openSUSE-SU-2016:2363",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name": "openSUSE-SU-2016:2117",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"name": "USN-3060-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-3060-1"
},
{
"name": "GLSA-201612-09",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201612-09"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-10-30T16:27Z",
"publishedDate": "2016-08-12T15:59Z"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.