CVE-2016-3074: libgd: signedness vulnerability

Posted by Hans Jerry Illikainen on Apr 21

Overview
========

libgd [1] is an open-source image library. It is perhaps primarily used
by the PHP project. It has been bundled with the default installation
of PHP since version 4.3 [2].

A signedness vulnerability (CVE-2016-3074) exists in libgd 2.1.1 which
may result in a heap overflow when processing compressed gd2 data.

Details
=======

Four bytes representing the chunk index size are stored in a signed integer,
chunkIdx[i].size, by…
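
The bug class named above, as an added example (constructed code, not libgd's source and not part of the advisory): a 4-byte field read into a signed integer passes an upper-bound-only check when it is negative, then turns into a huge length once converted to size_t, while a check that also rejects non-positive values stops it. The function names, the index layout of bare 4-byte big-endian sizes and the 4096-byte limit are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample index: two 4-byte big-endian sizes, 64 and 0xFFFFFFFF. */
static const unsigned char SAMPLE_INDEX[8] = { 0, 0, 0, 0x40, 0xFF, 0xFF, 0xFF, 0xFF };

/* Read 4 big-endian bytes into a signed 32-bit integer (0xFFFFFFFF becomes -1). */
static int32_t read_be32_signed(const unsigned char *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return (v & 0x80000000u) ? (int32_t)(v - 0x80000000u) + INT32_MIN : (int32_t)v;
}

/* Upper-bound-only check: a negative size compares below the limit and passes. */
static int size_ok_weak(int32_t size, int32_t buf_len) { return size <= buf_len; }

/* Hardened check: reject zero and negative sizes before comparing to the limit. */
static int size_ok_strict(int32_t size, int32_t buf_len) { return size > 0 && size <= buf_len; }

/* Length a size_t-based read or copy routine would receive for this value. */
static size_t as_copy_length(int32_t size) { return (size_t)size; }

/* Return the position of the first entry the strict check rejects, or -1. */
static int first_bad_entry(const unsigned char *idx, int count, int32_t buf_len)
{
    for (int i = 0; i < count; i++)
        if (!size_ok_strict(read_be32_signed(idx + 4 * i), buf_len))
            return i;
    return -1;
}

int main(void)
{
    int32_t size = read_be32_signed(SAMPLE_INDEX + 4);
    printf("size=%d weak=%d strict=%d copy_length=%zu first_bad=%d\n",
           (int)size, size_ok_weak(size, 4096), size_ok_strict(size, 4096),
           as_copy_length(size), first_bad_entry(SAMPLE_INDEX, 2, 4096));
    return 0;
}
```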
