[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 189-1] libgd2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libgd2
Version        : 2.0.36~rc1~dfsg-5+deb6u1
CVE ID         : CVE-2014-2497 CVE-2014-9709
Debian Bug     : 744719

Multiple vulnerabilities were discovered in libgd2, a graphics library:

CVE-2014-2497

    The gdImageCreateFromXpm() function would try to dereference a NULL
    pointer when reading an XPM file with a special color table. This
    could allow remote attackers to cause a denial of service (crash) via
    crafted XPM files.

CVE-2014-9709

    Importing an invalid GIF file using the gdImageCreateFromGif() function
    would cause a read buffer overflow that could allow remote attackers to
    cause a denial of service (crash) via crafted GIF files.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJVJWRXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHogsQALGpAze4RSAKYvbfeBRNypns
UMiRSXZFKpafPAFDl63sH6cs0p/8PDWsxRBlWlEzHJGy6DiNZvae+eNA5yjvrEGu
outy3yU53aWhe8Utyed32yPSzsanCcQlovpwn+02yx+efSpJqoytxY3VbVjRf9u5
PWSefp3Fc6nurqhzOCWi7R4tC7X4b9NY9X/JOXiWV9ZRHMdYbTFgxsm6ZaXP4Mbq
nMYjsTfv26X7bqntETaHkpOAQn51waoThZtjR46ZcDGdeVFZ7UktmKSdEtJtsPAj
ApSzZFF4+Df48i1uwZvY+wBqT+GevLP9f5jzS4xLN8K4vEB5zIk51cWn0v6jmT/7
D0qy5RzUi1YMzKw51m9TPujAlEM2w+sXoCQABbeLJfIC8xhNCWccTBJuegSWBvT+
L5jBpiKW9thks8TcFBHI+krCZH+J0q+yVgBMKas22n83a+y7Q2IHzPMbZjLYNDbO
yMAbSA1nUftwBog7Xliv5uKxII82Q+q6A+y2z4MbJ21rpWm28qLBiqmYWJfMSo/v
bSio5m8K6H1/gV6OCA9kF83vBydEqLzwo1zya3BciCLo6VS6WkFHnvX4PdDy3ttU
qTkknHFGnmjnj9J9GT3eFwWGaWm0iCHPEt8uApSxDiyWcNzlvWD8V1YrUKckZ5xl
cnVmjM/mYe1fdK9sBK6I
=ZCCT
-----END PGP SIGNATURE-----


Reply to: