PSIRT Advisories

LibGD security advisory [18 January 2017]


The LibGD project released advisories on January 18th, 2017, July 22nd, 2016 and June 25th, 2016 describing 12 vulnerabilities, as listed below:

* gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)

* double-free in gdImageWebPtr() (CVE-2016-6912)

* potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)

* DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)

* Signed integer overflow in gd_io.c (CVE-2016-10168)

* Integer Overflow in _gd2GetHeader (CVE-2016-5766)

* Out-of-bounds read in the parsing of TGA files (CVE-2016-6132)

* Buffer over-read issue when parsing crafted TGA file (CVE-2016-6214)

* Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)

* Invalid color index not handled, which can lead to a crash (CVE-2016-6128)

* Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (CVE-2016-5767)

* Stack overflow with gdImageFillToBorder (CVE-2015-8874, CVE-2016-9933)

Impact Detail

A more detailed description was added as suggested in FortiCare 2312653.

Affected Products

FortiOS version 5.4.4 and below (including 5.2.x versions)

FortiAnalyzer version 5.4.2 and below

An attacker would need local admin rights to log in to the FortiOS webUI in order to exploit these vulnerabilities. No practical exploitation scenario is known; the exploit level is therefore considered low to unestablished.

Solutions

FortiOS: Upgrade to firmware version 5.4.5 or 5.6.0

FortiAnalyzer: Upgrade to firmware version 5.4.3
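An added helper (not part of this advisory or of any Fortinet tooling) that applies the affected ranges and upgrade targets stated above to a device's reported version string. It assumes versions compare as dotted numeric tuples, that a trailing ",buildNNNN" suffix can be ignored, and the sample version strings in the comments are constructed.

```python
import re

# Affected ceilings and fixed releases exactly as stated in the advisory.
ADVISORY = {
    "FortiOS":       {"max_affected": (5, 4, 4), "fixed": [(5, 4, 5), (5, 6, 0)]},
    "FortiAnalyzer": {"max_affected": (5, 4, 2), "fixed": [(5, 4, 3)]},
}


def parse_version(text):
    """Turn a constructed string such as 'v5.4.4,build1117' into (5, 4, 4).

    Assumption: the build suffix carries no meaning for the affected range,
    and a short version such as '5.4' is treated as 5.4.0.
    """
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    if len(parts) < 3:
        parts = parts + (0,) * (3 - len(parts))
    return parts[:3]


def is_affected(product, version):
    """True when the version is at or below the advisory's ceiling."""
    return parse_version(version) <= ADVISORY[product]["max_affected"]


def recommend(product, version):
    """Return (affected, suggested_upgrade) for one device.

    Prefers the lowest fixed release on the device's own major.minor branch
    (5.4.x -> 5.4.5); otherwise the lowest fixed release overall, which is
    what a 5.2.x FortiOS device gets since 5.2 has no fixed release listed.
    """
    info = ADVISORY[product]
    v = parse_version(version)
    if v > info["max_affected"]:
        return False, None
    same_branch = [f for f in info["fixed"] if f[:2] == v[:2]]
    target = min(same_branch) if same_branch else min(info["fixed"])
    return True, ".".join(str(n) for n in target)


if __name__ == "__main__":
    for product, ver in [("FortiOS", "v5.4.4,build1117"), ("FortiOS", "5.6.0"),
                         ("FortiAnalyzer", "5.4.2")]:
        print(product, ver, recommend(product, ver))
```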