LibGD security advisory [18 January 2017]
Summary
The LibGD project released advisories on January 18th, 2017, July 22nd, 2016 and June 25th, 2016 describing 12 vulnerabilities, as listed below:
* gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
* double-free in gdImageWebPtr() (CVE-2016-6912)
* potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
* DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
* Signed Integer Overflow gd_io.c (CVE-2016-10168)
* Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* Read out-of-bands was found in the parsing of TGA files (CVE-2016-6132)
* Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* Invalid color index not handled, can lead to crash (CVE-2016-6128)
* Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (CVE-2016-5767)
* Stack overflow with gdImageFillToBorder (CVE-2015-8874, CVE-2016-9933)
Description
The LibGD project released advisories on January 18th, 2017, July 22nd, 2016 and June 25th, 2016 describing 12 vulnerabilities, as listed below:
* gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
* double-free in gdImageWebPtr() (CVE-2016-6912)
* potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
* DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
* Signed Integer Overflow gd_io.c (CVE-2016-10168)
* Integer Overflow in _gd2GetHeader (CVE-2016-5766)
* Read out-of-bands was found in the parsing of TGA files (CVE-2016-6132)
* Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)
* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
* Invalid color index not handled, can lead to crash (CVE-2016-6128)
* Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (CVE-2016-5767)
* Stack overflow with gdImageFillToBorder (CVE-2015-8874, CVE-2016-9933)
Impact Detail
More detail description added per FortiCare 2312653 suggested
Affected Products
FortiOS version 5.4.4 and below
FortiAnalyzer version 5.4.2 and below
Solutions
FortiOS: Upgrade to firmware version 5.4.5 or 5.6.0
FortiAnalyzer: Upgrade to firmware version 5.4.3