Source: libgd2
Version: 2.2.3-3
Severity: grave
Tags: security patch upstream fixed-upstream
Justification: user security hole
Forwarded: https://github.com/libgd/libgd/issues/308

Hi,

the following vulnerability was published for libgd2.

CVE-2016-7568[0]:
| Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD
| Graphics Library (aka libgd) through 2.2.3, as used in PHP through
| 7.0.11, allows remote attackers to cause a denial of service
| (heap-based buffer overflow) or possibly have unspecified other impact
| via crafted imagewebp and imagedestroy calls.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7568
[1] https://github.com/libgd/libgd/issues/308
[2] https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
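
The bug class named in the CVE text, shown as an added example that is not part of the original report and is not libgd's code: a pixel buffer size computed from int dimensions is validated before allocation, so an overflowing product is refused instead of yielding an undersized heap buffer. The 4-bytes-per-pixel layout and the names wrapped_size, checked_argb_size and alloc_argb are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BYTES_PER_PIXEL 4 /* assumption: one 32-bit ARGB value per pixel */

/* What unchecked 32-bit arithmetic yields for the buffer size. Computed in
 * unsigned so the wraparound is well defined for this demonstration. */
uint32_t wrapped_size(int width, int height)
{
    return (uint32_t)width * BYTES_PER_PIXEL * (uint32_t)height;
}

/* Returns 0 and stores the byte count in *out if width * 4 * height fits in
 * an int; returns -1 for non-positive dimensions or if it would overflow. */
int checked_argb_size(int width, int height, int *out)
{
    if (width <= 0 || height <= 0)
        return -1;
    if (width > INT_MAX / BYTES_PER_PIXEL)
        return -1; /* width * 4 would overflow */
    if (height > INT_MAX / (width * BYTES_PER_PIXEL))
        return -1; /* row bytes * height would overflow */
    *out = width * BYTES_PER_PIXEL * height;
    return 0;
}

/* Hypothetical allocation wrapper: fail closed rather than under-allocate. */
uint8_t *alloc_argb(int width, int height)
{
    int size;
    if (checked_argb_size(width, height, &size) != 0)
        return NULL;
    return malloc((size_t)size);
}

int main(void)
{
    int size = 0;
    /* Constructed dimensions: 32768 * 4 * 32768 = 2^32, which wraps to 0. */
    printf("unchecked size: %u\n", (unsigned)wrapped_size(32768, 32768));
    printf("checked result: %d\n", checked_argb_size(32768, 32768, &size));
    if (checked_argb_size(640, 480, &size) == 0)
        printf("640x480 needs %d bytes\n", size);
    return 0;
}
```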