Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-6912 (GCVE-0-2016-6912)
Vulnerability from cvelistv5
Published
2017-01-26 15:00
Modified
2024-08-06 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:38.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"
},
{
"name": "DSA-3777",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3777"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2"
},
{
"name": "95843",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"
},
{
"name": "DSA-3777",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3777"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2"
},
{
"name": "95843",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"
},
{
"name": "DSA-3777",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3777"
},
{
"name": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2"
},
{
"name": "95843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6912",
"datePublished": "2017-01-26T15:00:00",
"dateReserved": "2016-08-22T00:00:00",
"dateUpdated": "2024-08-06T01:43:38.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-6912\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-01-26T15:59:00.330\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de liberaci\u00f3n doble en la funci\u00f3n gdImageWebPtr en la GD Graphics Library (librer\u00eda libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos tener impacto no especificado a trav\u00e9s de valores de anchura y altura grandes.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.2.3\",\"matchCriteriaId\":\"E040BCCE-C098-492F-990F-D0196B519B10\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3777\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/95843\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Release Notes\"]},{\"url\":\"https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/95843\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Release Notes\"]},{\"url\":\"https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
opensuse-su-2024:10777-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
gd-2.3.3-1.1 on GA media
Notes
Title of the patch
gd-2.3.3-1.1 on GA media
Description of the patch
These are all security issues fixed in the gd-2.3.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10777
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "gd-2.3.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the gd-2.3.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10777",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10777-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-2756 page",
"url": "https://www.suse.com/security/cve/CVE-2007-2756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10166 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10167 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10168 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6912 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9317 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6362 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7890 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000222 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14553 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5711 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11038 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6977 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6978 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6978/"
}
],
"title": "gd-2.3.3-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10777-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gd-2.3.3-1.1.aarch64",
"product": {
"name": "gd-2.3.3-1.1.aarch64",
"product_id": "gd-2.3.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "gd-devel-2.3.3-1.1.aarch64",
"product": {
"name": "gd-devel-2.3.3-1.1.aarch64",
"product_id": "gd-devel-2.3.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "gd-devel-32bit-2.3.3-1.1.aarch64",
"product": {
"name": "gd-devel-32bit-2.3.3-1.1.aarch64",
"product_id": "gd-devel-32bit-2.3.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgd3-2.3.3-1.1.aarch64",
"product": {
"name": "libgd3-2.3.3-1.1.aarch64",
"product_id": "libgd3-2.3.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgd3-32bit-2.3.3-1.1.aarch64",
"product": {
"name": "libgd3-32bit-2.3.3-1.1.aarch64",
"product_id": "libgd3-32bit-2.3.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-2.3.3-1.1.ppc64le",
"product": {
"name": "gd-2.3.3-1.1.ppc64le",
"product_id": "gd-2.3.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gd-devel-2.3.3-1.1.ppc64le",
"product": {
"name": "gd-devel-2.3.3-1.1.ppc64le",
"product_id": "gd-devel-2.3.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gd-devel-32bit-2.3.3-1.1.ppc64le",
"product": {
"name": "gd-devel-32bit-2.3.3-1.1.ppc64le",
"product_id": "gd-devel-32bit-2.3.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgd3-2.3.3-1.1.ppc64le",
"product": {
"name": "libgd3-2.3.3-1.1.ppc64le",
"product_id": "libgd3-2.3.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgd3-32bit-2.3.3-1.1.ppc64le",
"product": {
"name": "libgd3-32bit-2.3.3-1.1.ppc64le",
"product_id": "libgd3-32bit-2.3.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-2.3.3-1.1.s390x",
"product": {
"name": "gd-2.3.3-1.1.s390x",
"product_id": "gd-2.3.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "gd-devel-2.3.3-1.1.s390x",
"product": {
"name": "gd-devel-2.3.3-1.1.s390x",
"product_id": "gd-devel-2.3.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "gd-devel-32bit-2.3.3-1.1.s390x",
"product": {
"name": "gd-devel-32bit-2.3.3-1.1.s390x",
"product_id": "gd-devel-32bit-2.3.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgd3-2.3.3-1.1.s390x",
"product": {
"name": "libgd3-2.3.3-1.1.s390x",
"product_id": "libgd3-2.3.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libgd3-32bit-2.3.3-1.1.s390x",
"product": {
"name": "libgd3-32bit-2.3.3-1.1.s390x",
"product_id": "libgd3-32bit-2.3.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-2.3.3-1.1.x86_64",
"product": {
"name": "gd-2.3.3-1.1.x86_64",
"product_id": "gd-2.3.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "gd-devel-2.3.3-1.1.x86_64",
"product": {
"name": "gd-devel-2.3.3-1.1.x86_64",
"product_id": "gd-devel-2.3.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "gd-devel-32bit-2.3.3-1.1.x86_64",
"product": {
"name": "gd-devel-32bit-2.3.3-1.1.x86_64",
"product_id": "gd-devel-32bit-2.3.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgd3-2.3.3-1.1.x86_64",
"product": {
"name": "libgd3-2.3.3-1.1.x86_64",
"product_id": "libgd3-2.3.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgd3-32bit-2.3.3-1.1.x86_64",
"product": {
"name": "libgd3-32bit-2.3.3-1.1.x86_64",
"product_id": "libgd3-32bit-2.3.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.3.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64"
},
"product_reference": "gd-2.3.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.3.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le"
},
"product_reference": "gd-2.3.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.3.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-2.3.3-1.1.s390x"
},
"product_reference": "gd-2.3.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.3.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64"
},
"product_reference": "gd-2.3.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.3.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64"
},
"product_reference": "gd-devel-2.3.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.3.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le"
},
"product_reference": "gd-devel-2.3.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.3.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x"
},
"product_reference": "gd-devel-2.3.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.3.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64"
},
"product_reference": "gd-devel-2.3.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-32bit-2.3.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64"
},
"product_reference": "gd-devel-32bit-2.3.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-32bit-2.3.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le"
},
"product_reference": "gd-devel-32bit-2.3.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-32bit-2.3.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x"
},
"product_reference": "gd-devel-32bit-2.3.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-32bit-2.3.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64"
},
"product_reference": "gd-devel-32bit-2.3.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-2.3.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64"
},
"product_reference": "libgd3-2.3.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-2.3.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le"
},
"product_reference": "libgd3-2.3.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-2.3.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x"
},
"product_reference": "libgd3-2.3.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-2.3.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64"
},
"product_reference": "libgd3-2.3.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-32bit-2.3.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64"
},
"product_reference": "libgd3-32bit-2.3.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-32bit-2.3.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le"
},
"product_reference": "libgd3-32bit-2.3.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-32bit-2.3.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x"
},
"product_reference": "libgd3-32bit-2.3.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgd3-32bit-2.3.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
},
"product_reference": "libgd3-32bit-2.3.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-2756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-2756"
}
],
"notes": [
{
"category": "general",
"text": "The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-2756",
"url": "https://www.suse.com/security/cve/CVE-2007-2756"
},
{
"category": "external",
"summary": "SUSE Bug 276525 for CVE-2007-2756",
"url": "https://bugzilla.suse.com/276525"
},
{
"category": "external",
"summary": "SUSE Bug 282730 for CVE-2007-2756",
"url": "https://bugzilla.suse.com/282730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-2756"
},
{
"cve": "CVE-2016-10166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10166"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10166",
"url": "https://www.suse.com/security/cve/CVE-2016-10166"
},
{
"category": "external",
"summary": "SUSE Bug 1022069 for CVE-2016-10166",
"url": "https://bugzilla.suse.com/1022069"
},
{
"category": "external",
"summary": "SUSE Bug 1022263 for CVE-2016-10166",
"url": "https://bugzilla.suse.com/1022263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-10166"
},
{
"cve": "CVE-2016-10167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10167"
}
],
"notes": [
{
"category": "general",
"text": "The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10167",
"url": "https://www.suse.com/security/cve/CVE-2016-10167"
},
{
"category": "external",
"summary": "SUSE Bug 1022069 for CVE-2016-10167",
"url": "https://bugzilla.suse.com/1022069"
},
{
"category": "external",
"summary": "SUSE Bug 1022264 for CVE-2016-10167",
"url": "https://bugzilla.suse.com/1022264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2016-10167"
},
{
"cve": "CVE-2016-10168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10168"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10168",
"url": "https://www.suse.com/security/cve/CVE-2016-10168"
},
{
"category": "external",
"summary": "SUSE Bug 1022069 for CVE-2016-10168",
"url": "https://bugzilla.suse.com/1022069"
},
{
"category": "external",
"summary": "SUSE Bug 1022265 for CVE-2016-10168",
"url": "https://bugzilla.suse.com/1022265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-10168"
},
{
"cve": "CVE-2016-6912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6912"
}
],
"notes": [
{
"category": "general",
"text": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6912",
"url": "https://www.suse.com/security/cve/CVE-2016-6912"
},
{
"category": "external",
"summary": "SUSE Bug 1022284 for CVE-2016-6912",
"url": "https://bugzilla.suse.com/1022284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-6912"
},
{
"cve": "CVE-2016-9317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9317"
}
],
"notes": [
{
"category": "general",
"text": "The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9317",
"url": "https://www.suse.com/security/cve/CVE-2016-9317"
},
{
"category": "external",
"summary": "SUSE Bug 1022283 for CVE-2016-9317",
"url": "https://bugzilla.suse.com/1022283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9317"
},
{
"cve": "CVE-2017-6362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6362"
}
],
"notes": [
{
"category": "general",
"text": "Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6362",
"url": "https://www.suse.com/security/cve/CVE-2017-6362"
},
{
"category": "external",
"summary": "SUSE Bug 1056993 for CVE-2017-6362",
"url": "https://bugzilla.suse.com/1056993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-6362"
},
{
"cve": "CVE-2017-7890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7890"
}
],
"notes": [
{
"category": "general",
"text": "The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7890",
"url": "https://www.suse.com/security/cve/CVE-2017-7890"
},
{
"category": "external",
"summary": "SUSE Bug 1050241 for CVE-2017-7890",
"url": "https://bugzilla.suse.com/1050241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-7890"
},
{
"cve": "CVE-2018-1000222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000222"
}
],
"notes": [
{
"category": "general",
"text": "Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000222",
"url": "https://www.suse.com/security/cve/CVE-2018-1000222"
},
{
"category": "external",
"summary": "SUSE Bug 1105434 for CVE-2018-1000222",
"url": "https://bugzilla.suse.com/1105434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000222"
},
{
"cve": "CVE-2018-14553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14553"
}
],
"notes": [
{
"category": "general",
"text": "gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14553",
"url": "https://www.suse.com/security/cve/CVE-2018-14553"
},
{
"category": "external",
"summary": "SUSE Bug 1165471 for CVE-2018-14553",
"url": "https://bugzilla.suse.com/1165471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14553"
},
{
"cve": "CVE-2018-5711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5711"
}
],
"notes": [
{
"category": "general",
"text": "gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5711",
"url": "https://www.suse.com/security/cve/CVE-2018-5711"
},
{
"category": "external",
"summary": "SUSE Bug 1076391 for CVE-2018-5711",
"url": "https://bugzilla.suse.com/1076391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-5711"
},
{
"cve": "CVE-2019-11038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11038"
}
],
"notes": [
{
"category": "general",
"text": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11038",
"url": "https://www.suse.com/security/cve/CVE-2019-11038"
},
{
"category": "external",
"summary": "SUSE Bug 1140118 for CVE-2019-11038",
"url": "https://bugzilla.suse.com/1140118"
},
{
"category": "external",
"summary": "SUSE Bug 1140120 for CVE-2019-11038",
"url": "https://bugzilla.suse.com/1140120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-11038"
},
{
"cve": "CVE-2019-6977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6977"
}
],
"notes": [
{
"category": "general",
"text": "gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6977",
"url": "https://www.suse.com/security/cve/CVE-2019-6977"
},
{
"category": "external",
"summary": "SUSE Bug 1123354 for CVE-2019-6977",
"url": "https://bugzilla.suse.com/1123354"
},
{
"category": "external",
"summary": "SUSE Bug 1123361 for CVE-2019-6977",
"url": "https://bugzilla.suse.com/1123361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-6977"
},
{
"cve": "CVE-2019-6978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6978"
}
],
"notes": [
{
"category": "general",
"text": "The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6978",
"url": "https://www.suse.com/security/cve/CVE-2019-6978"
},
{
"category": "external",
"summary": "SUSE Bug 1123522 for CVE-2019-6978",
"url": "https://bugzilla.suse.com/1123522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:gd-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:gd-devel-32bit-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-2.3.3-1.1.x86_64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.aarch64",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.ppc64le",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.s390x",
"openSUSE Tumbleweed:libgd3-32bit-2.3.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-6978"
}
]
}
ghsa-wmff-45hx-q83q
Vulnerability from github
Published
2022-05-17 00:27
Modified
2022-05-17 00:27
Severity ?
VLAI Severity ?
Details
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
{
"affected": [],
"aliases": [
"CVE-2016-6912"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-26T15:59:00Z",
"severity": "CRITICAL"
},
"details": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.",
"id": "GHSA-wmff-45hx-q83q",
"modified": "2022-05-17T00:27:22Z",
"published": "2022-05-17T00:27:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6912"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3777"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95843"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
fkie_cve-2016-6912
Vulnerability from fkie_nvd
Published
2017-01-26 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E040BCCE-C098-492F-990F-D0196B519B10",
"versionEndIncluding": "2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values."
},
{
"lang": "es",
"value": "Vulnerabilidad de liberaci\u00f3n doble en la funci\u00f3n gdImageWebPtr en la GD Graphics Library (librer\u00eda libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos tener impacto no especificado a trav\u00e9s de valores de anchura y altura grandes."
}
],
"id": "CVE-2016-6912",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-26T15:59:00.330",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3777"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95843"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cnvd-2017-01492
Vulnerability from cnvd
Title: Libgd安全绕过漏洞
Description:
libGD(又名GD Graphics Library或libgd2)是美国软件开发者Thomas Boutell所研发的一个开源的用于动态创建图像的库,它支持创建图表、图形和缩略图等。
Libgd存在安全绕过漏洞。攻击者可利用漏洞绕过安全限制并执行未授权的操作,导致进一步攻击。
Severity: 高
Patch Name: Libgd安全绕过漏洞的补丁
Patch Description:
libGD(又名GD Graphics Library或libgd2)是美国软件开发者Thomas Boutell所研发的一个开源的用于动态创建图像的库,它支持创建图表、图形和缩略图等。
Libgd存在安全绕过漏洞。攻击者可利用漏洞绕过安全限制并执行未授权的操作,导致进一步攻击。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2#diff-676f08d527193ef7324aa25e2e62b0a2
Reference: http://www.securityfocus.com/bid/95843 http://seclists.org/fulldisclosure/2013/Jun/66
Impacted products
| Name | Libgd Libgd <2.2.4 |
|---|
{
"bids": {
"bid": {
"bidNumber": "95843"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-6912",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912"
}
},
"description": "libGD\uff08\u53c8\u540dGD Graphics Library\u6216libgd2\uff09\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005Thomas Boutell\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u7528\u4e8e\u52a8\u6001\u521b\u5efa\u56fe\u50cf\u7684\u5e93\uff0c\u5b83\u652f\u6301\u521b\u5efa\u56fe\u8868\u3001\u56fe\u5f62\u548c\u7f29\u7565\u56fe\u7b49\u3002\r\n\r\nLibgd\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
"discovererName": "Ibrahim El-Sayed",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2#diff-676f08d527193ef7324aa25e2e62b0a2",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-01492",
"openTime": "2017-02-17",
"patchDescription": "libGD\uff08\u53c8\u540dGD Graphics Library\u6216libgd2\uff09\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005Thomas Boutell\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u7528\u4e8e\u52a8\u6001\u521b\u5efa\u56fe\u50cf\u7684\u5e93\uff0c\u5b83\u652f\u6301\u521b\u5efa\u56fe\u8868\u3001\u56fe\u5f62\u548c\u7f29\u7565\u56fe\u7b49\u3002 \r\n\r\nLibgd\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
"patchName": "Libgd\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Libgd Libgd \u003c2.2.4"
},
"referenceLink": "http://www.securityfocus.com/bid/95843\r\nhttp://seclists.org/fulldisclosure/2013/Jun/66",
"serverity": "\u9ad8",
"submitTime": "2017-02-10",
"title": "Libgd\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}
suse-su-2017:0468-1
Vulnerability from csaf_suse
Published
2017-02-15 06:31
Modified
2017-02-15 06:31
Summary
Security update for gd
Notes
Title of the patch
Security update for gd
Description of the patch
This update for gd fixes the following security issues:
- CVE-2016-6906: An out-of-bounds read in TGA decompression was fixed which could have lead to crashes. (bsc#1022553)
- CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function
in the GD Graphics Library (aka libgd) allowed remote attackers to have
unspecified impact via large width and height values. (bsc#1022284)
- CVE-2016-9317: The gdImageCreate function in the GD Graphics Library
(aka libgd) allowed remote attackers to cause a denial of service
(system hang) via an oversized image. (bsc#1022283)
- CVE-2016-10166: A potential unsigned underflow in gd interpolation
functions could lead to memory corruption in the GD Graphics Library (aka libgd) (bsc#1022263)
- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx()
could lead to libgd running out of memory even on small files. (bsc#1022264)
- CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead
to memory corruption (bsc#1022265)
Patchnames
SUSE-SLE-DESKTOP-12-SP1-2017-241,SUSE-SLE-DESKTOP-12-SP2-2017-241,SUSE-SLE-RPI-12-SP2-2017-241,SUSE-SLE-SDK-12-SP1-2017-241,SUSE-SLE-SDK-12-SP2-2017-241,SUSE-SLE-SERVER-12-SP1-2017-241,SUSE-SLE-SERVER-12-SP2-2017-241,SUSE-SLE-WE-12-SP1-2017-241,SUSE-SLE-WE-12-SP2-2017-241
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for gd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for gd fixes the following security issues:\n\n- CVE-2016-6906: An out-of-bounds read in TGA decompression was fixed which could have lead to crashes. (bsc#1022553)\n- CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function\n in the GD Graphics Library (aka libgd) allowed remote attackers to have\n unspecified impact via large width and height values. (bsc#1022284)\n- CVE-2016-9317: The gdImageCreate function in the GD Graphics Library\n (aka libgd) allowed remote attackers to cause a denial of service\n (system hang) via an oversized image. (bsc#1022283)\n- CVE-2016-10166: A potential unsigned underflow in gd interpolation\n functions could lead to memory corruption in the GD Graphics Library (aka libgd) (bsc#1022263)\n- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx()\n could lead to libgd running out of memory even on small files. (bsc#1022264)\n- CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead\n to memory corruption (bsc#1022265)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP1-2017-241,SUSE-SLE-DESKTOP-12-SP2-2017-241,SUSE-SLE-RPI-12-SP2-2017-241,SUSE-SLE-SDK-12-SP1-2017-241,SUSE-SLE-SDK-12-SP2-2017-241,SUSE-SLE-SERVER-12-SP1-2017-241,SUSE-SLE-SERVER-12-SP2-2017-241,SUSE-SLE-WE-12-SP1-2017-241,SUSE-SLE-WE-12-SP2-2017-241",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0468-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:0468-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170468-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:0468-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-February/002645.html"
},
{
"category": "self",
"summary": "SUSE Bug 1022263",
"url": "https://bugzilla.suse.com/1022263"
},
{
"category": "self",
"summary": "SUSE Bug 1022264",
"url": "https://bugzilla.suse.com/1022264"
},
{
"category": "self",
"summary": "SUSE Bug 1022265",
"url": "https://bugzilla.suse.com/1022265"
},
{
"category": "self",
"summary": "SUSE Bug 1022283",
"url": "https://bugzilla.suse.com/1022283"
},
{
"category": "self",
"summary": "SUSE Bug 1022284",
"url": "https://bugzilla.suse.com/1022284"
},
{
"category": "self",
"summary": "SUSE Bug 1022553",
"url": "https://bugzilla.suse.com/1022553"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10166 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10167 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-10168 page",
"url": "https://www.suse.com/security/cve/CVE-2016-10168/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6906 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6912 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9317 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9317/"
}
],
"title": "Security update for gd",
"tracking": {
"current_release_date": "2017-02-15T06:31:22Z",
"generator": {
"date": "2017-02-15T06:31:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:0468-1",
"initial_release_date": "2017-02-15T06:31:22Z",
"revision_history": [
{
"date": "2017-02-15T06:31:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gd-2.1.0-23.1.aarch64",
"product": {
"name": "gd-2.1.0-23.1.aarch64",
"product_id": "gd-2.1.0-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "gd-devel-2.1.0-23.1.aarch64",
"product": {
"name": "gd-devel-2.1.0-23.1.aarch64",
"product_id": "gd-devel-2.1.0-23.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-devel-2.1.0-23.1.ppc64le",
"product": {
"name": "gd-devel-2.1.0-23.1.ppc64le",
"product_id": "gd-devel-2.1.0-23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gd-2.1.0-23.1.ppc64le",
"product": {
"name": "gd-2.1.0-23.1.ppc64le",
"product_id": "gd-2.1.0-23.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-devel-2.1.0-23.1.s390x",
"product": {
"name": "gd-devel-2.1.0-23.1.s390x",
"product_id": "gd-devel-2.1.0-23.1.s390x"
}
},
{
"category": "product_version",
"name": "gd-2.1.0-23.1.s390x",
"product": {
"name": "gd-2.1.0-23.1.s390x",
"product_id": "gd-2.1.0-23.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gd-2.1.0-23.1.x86_64",
"product": {
"name": "gd-2.1.0-23.1.x86_64",
"product_id": "gd-2.1.0-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "gd-32bit-2.1.0-23.1.x86_64",
"product": {
"name": "gd-32bit-2.1.0-23.1.x86_64",
"product_id": "gd-32bit-2.1.0-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "gd-devel-2.1.0-23.1.x86_64",
"product": {
"name": "gd-devel-2.1.0-23.1.x86_64",
"product_id": "gd-devel-2.1.0-23.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP1",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP2",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64"
},
"product_reference": "gd-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-32bit-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64"
},
"product_reference": "gd-32bit-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64"
},
"product_reference": "gd-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-32bit-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
},
"product_reference": "gd-32bit-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64"
},
"product_reference": "gd-2.1.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.1.0-23.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le"
},
"product_reference": "gd-devel-2.1.0-23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.1.0-23.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x"
},
"product_reference": "gd-devel-2.1.0-23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64"
},
"product_reference": "gd-devel-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.1.0-23.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64"
},
"product_reference": "gd-devel-2.1.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.1.0-23.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le"
},
"product_reference": "gd-devel-2.1.0-23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.1.0-23.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x"
},
"product_reference": "gd-devel-2.1.0-23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-devel-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64"
},
"product_reference": "gd-devel-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le"
},
"product_reference": "gd-2.1.0-23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x"
},
"product_reference": "gd-2.1.0-23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64"
},
"product_reference": "gd-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le"
},
"product_reference": "gd-2.1.0-23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x"
},
"product_reference": "gd-2.1.0-23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64"
},
"product_reference": "gd-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64"
},
"product_reference": "gd-2.1.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le"
},
"product_reference": "gd-2.1.0-23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x"
},
"product_reference": "gd-2.1.0-23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64"
},
"product_reference": "gd-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64"
},
"product_reference": "gd-2.1.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le"
},
"product_reference": "gd-2.1.0-23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x"
},
"product_reference": "gd-2.1.0-23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64"
},
"product_reference": "gd-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-32bit-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP1",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64"
},
"product_reference": "gd-32bit-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gd-32bit-2.1.0-23.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP2",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
},
"product_reference": "gd-32bit-2.1.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10166"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10166",
"url": "https://www.suse.com/security/cve/CVE-2016-10166"
},
{
"category": "external",
"summary": "SUSE Bug 1022069 for CVE-2016-10166",
"url": "https://bugzilla.suse.com/1022069"
},
{
"category": "external",
"summary": "SUSE Bug 1022263 for CVE-2016-10166",
"url": "https://bugzilla.suse.com/1022263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-15T06:31:22Z",
"details": "moderate"
}
],
"title": "CVE-2016-10166"
},
{
"cve": "CVE-2016-10167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10167"
}
],
"notes": [
{
"category": "general",
"text": "The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10167",
"url": "https://www.suse.com/security/cve/CVE-2016-10167"
},
{
"category": "external",
"summary": "SUSE Bug 1022069 for CVE-2016-10167",
"url": "https://bugzilla.suse.com/1022069"
},
{
"category": "external",
"summary": "SUSE Bug 1022264 for CVE-2016-10167",
"url": "https://bugzilla.suse.com/1022264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-15T06:31:22Z",
"details": "low"
}
],
"title": "CVE-2016-10167"
},
{
"cve": "CVE-2016-10168",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-10168"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-10168",
"url": "https://www.suse.com/security/cve/CVE-2016-10168"
},
{
"category": "external",
"summary": "SUSE Bug 1022069 for CVE-2016-10168",
"url": "https://bugzilla.suse.com/1022069"
},
{
"category": "external",
"summary": "SUSE Bug 1022265 for CVE-2016-10168",
"url": "https://bugzilla.suse.com/1022265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-15T06:31:22Z",
"details": "moderate"
}
],
"title": "CVE-2016-10168"
},
{
"cve": "CVE-2016-6906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6906"
}
],
"notes": [
{
"category": "general",
"text": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6906",
"url": "https://www.suse.com/security/cve/CVE-2016-6906"
},
{
"category": "external",
"summary": "SUSE Bug 1022553 for CVE-2016-6906",
"url": "https://bugzilla.suse.com/1022553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-15T06:31:22Z",
"details": "low"
}
],
"title": "CVE-2016-6906"
},
{
"cve": "CVE-2016-6912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6912"
}
],
"notes": [
{
"category": "general",
"text": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6912",
"url": "https://www.suse.com/security/cve/CVE-2016-6912"
},
{
"category": "external",
"summary": "SUSE Bug 1022284 for CVE-2016-6912",
"url": "https://bugzilla.suse.com/1022284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-15T06:31:22Z",
"details": "important"
}
],
"title": "CVE-2016-6912"
},
{
"cve": "CVE-2016-9317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9317"
}
],
"notes": [
{
"category": "general",
"text": "The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9317",
"url": "https://www.suse.com/security/cve/CVE-2016-9317"
},
{
"category": "external",
"summary": "SUSE Bug 1022283 for CVE-2016-9317",
"url": "https://bugzilla.suse.com/1022283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP2:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:gd-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:gd-devel-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP1:gd-32bit-2.1.0-23.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:gd-32bit-2.1.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-15T06:31:22Z",
"details": "moderate"
}
],
"title": "CVE-2016-9317"
}
]
}
gsd-2016-6912
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-6912",
"description": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.",
"id": "GSD-2016-6912",
"references": [
"https://www.suse.com/security/cve/CVE-2016-6912.html",
"https://www.debian.org/security/2017/dsa-3777",
"https://ubuntu.com/security/CVE-2016-6912",
"https://advisories.mageia.org/CVE-2016-6912.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-6912"
],
"details": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.",
"id": "GSD-2016-6912",
"modified": "2023-12-13T01:21:23.859613Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"
},
{
"name": "DSA-3777",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3777"
},
{
"name": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2"
},
{
"name": "95843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95843"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6912"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2"
},
{
"name": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Patch"
],
"url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"
},
{
"name": "95843",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/95843"
},
{
"name": "DSA-3777",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2017/dsa-3777"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-11-04T01:29Z",
"publishedDate": "2017-01-26T15:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…