PT-2017-4205 · Gd+3 · Gd Graphics Library+3
Varsleak
·
Published
2017-02-17
·
Updated
2024-08-05
·
CVE-2017-6363
CVSS v2.0
8.8
High
| Vector | AV:N/AC:M/Au:N/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
GD Graphics Library versions through 2.2.5
Description
The issue is related to a heap-based buffer over-read in the
tiffWriter function in gd tiff.c. This can allow a remote attacker to access confidential data and cause a denial of service using a specially crafted file in GD or GD2 formats. The vendor notes that the GD and GD2 formats are documented as obsolete and should only be used for development and testing purposes.Recommendations
For versions through 2.2.5, consider disabling the
tiffWriter function in gd tiff.c as a temporary workaround to minimize the risk of exploitation. Restrict access to files in GD and GD2 formats to prevent potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Gd Graphics Library
Linuxmint
Ubuntu