| Errata ID | 346 |
|---|---|
| Date | 2018-05-08 |
| Source package | libgd2 |
| Fixed in version | 2.1.0-5+deb8u11 |
| Description | This update addresses the following issues: * The GIF decoding function gdImageCreateFromGifCtx does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. (CVE-2017-7890) * Double free vulnerability in the gdImagePngPtr function allows remote attackers to cause a denial of service via vectors related to a palette with no colors. (CVE-2017-6362) |
| Additional notes | |
| CVE ID | CVE-2017-7890 CVE-2017-6362 |
| UCS Bug number | #45349 |
