CVE-2017-6363

Name of the Vulnerable Software and Affected Versions GD Graphics Library versions through 2.2.5

Description The issue is related to a heap-based buffer over-read in the tiffWriter function in gd tiff.c. This can allow a remote attacker to access confidential data and cause a denial of service using a specially crafted file in GD or GD2 formats. The vendor notes that the GD and GD2 formats are documented as obsolete and should only be used for development and testing purposes.

Recommendations For versions through 2.2.5, consider disabling the tiffWriter function in gd tiff.c as a temporary workaround to minimize the risk of exploitation. Restrict access to files in GD and GD2 formats to prevent potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.