Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-8877

Published: 21 May 2016

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

Notes

AuthorNote
mdeslaur
php uses the system libgd2
tyhicks
2.1.0-3, as shipped in Trusty, has quite a different implementation
for gdImageScaleTwoPass() but I believe it is still affected

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
libgd2
Launchpad, Ubuntu, Debian
upstream
Released (2.2.0)
precise Not vulnerable
(code not present)
trusty
Released (2.1.0-3ubuntu0.1)
wily
Released (2.1.1-4ubuntu0.15.10.1)
xenial
Released (2.1.1-4ubuntu0.16.04.1)
Patches:
upstream: https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24
php5
Launchpad, Ubuntu, Debian
upstream
Released (5.6.12)
precise Not vulnerable
(uses system gd)
trusty Not vulnerable
(uses system gd)
wily Not vulnerable
(uses system gd)
xenial Does not exist

php7.0
Launchpad, Ubuntu, Debian
upstream Not vulnerable

precise Does not exist

trusty Does not exist

wily Does not exist

xenial Not vulnerable
(uses system gd)