MGASA-2017-0055

Advisory lineage Upstream: 5 Downstream: 0

Upstream

CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6912 CVE-2016-9317

Published: 20 Feb 2017, 13:00

Last modified:16 Apr 2026, 06:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Feb 2017, 13:00

Published

Vulnerability first disclosed

16 Apr 2026, 06:26

Last Modified

Vulnerability information updated

Description

Updated libgd packages fix security vulnerability OOB reads of the TGA decompression buffer (CVE-2016-6906). Double-free in gdImageWebPtr() (CVE-2016-6912). gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities (CVE-2016-9317). Potential unsigned underflow in gd_interpolation.c (CVE-2016-10166). DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167). Signed Integer Overflow gd_io.c (CVE-2016-10168).

Affected Systems

mageia•libgd
< 2.2.4-1.1.mga5

MGASA-2017-0055

Vulnerability Summary

Timeline

Description

Affected Systems

References (6)