PSIRT Advisory

LibGD security advisory [18 January 2017]

Description

The LibGD project released advisories on January 18th, 2017, July 22nd, 2016 and June 25th, 2016 describing the 12 vulnerabilities listed below:

* gdImageCreate() does not check for oversized images and is therefore prone to DoS vulnerabilities. (CVE-2016-9317)

* Double free in gdImageWebPtr() (CVE-2016-6912)

* Potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)

* DoS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)

* Signed integer overflow in gd_io.c (CVE-2016-10168)

* Integer overflow in _gd2GetHeader() (CVE-2016-5766)

* Out-of-bounds read in the parsing of TGA files (CVE-2016-6132)

* Buffer over-read when parsing a crafted TGA file (CVE-2016-6214)

* Integer overflow in _gdContributionsAlloc() (CVE-2016-6207)

* Invalid color index not handled, which can lead to a crash (CVE-2016-6128)

* Integer overflow in gdImagePaletteToTrueColor() resulting in a heap overflow (CVE-2016-5767)

* Stack overflow in gdImageFillToBorder() (CVE-2015-8874, CVE-2016-9933)

Impact

Denial of service, potential buffer and integer overflows

Affected Products

FortiOS version 5.4.4 and below

FortiAnalyzer version 5.4.2 and below

The products above might be affected by these vulnerabilities, although there is no record of any practical exploitation scenario.

Solutions

FortiOS: Upgrade to firmware version 5.4.5 or 5.6.0

FortiAnalyzer: Upgrade to firmware version 5.4.3