Package        : libgd2
Version        : 2.0.36~rc1~dfsg-6.1+deb7u5
CVE ID         : CVE-2016-6161

A global out-of-bounds read was found in this software when encoding a GIF from malformed input.

When given invalid inputs, we might be fed the EOF marker before it is actually the EOF. The GIF logic assumes that once it sees the EOF marker, there won't be any more data, so it leaves the cur_bits index possibly negative. So when we get more data, we underflow the masks array.

For Debian 7 "Wheezy", these problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u5.

We recommend that you upgrade your libgd2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
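The cur_bits problem described above can be seen in a small model of a bit packer. This is an added example, not libgd's code and not the Debian patch; the struct, the function names and the `reset_after_eof` switch are hypothetical, and the code stream is constructed.

```c
#include <stdio.h>

/* Added illustration: a simplified model of a GIF LZW bit packer.
 * Struct and function names are hypothetical; this is not libgd's code. */
static const unsigned long masks[] = {
    0x0000, 0x0001, 0x0003, 0x0007, 0x000F, 0x001F, 0x003F, 0x007F, 0x00FF,
    0x01FF, 0x03FF, 0x07FF, 0x0FFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF
};
#define MASK_COUNT ((int)(sizeof masks / sizeof masks[0]))

struct packer {
    unsigned long accum; /* pending output bits */
    int cur_bits;        /* number of valid bits in accum; indexes masks[] */
    int n_bits;          /* width of each code */
    int eof_code;        /* code value treated as the EOF marker */
    int reset_after_eof; /* 1 = hardened: restore cur_bits to 0 after the flush */
};

/* Packs one code. Returns 0, or -1 when masks[cur_bits] would be out of bounds. */
static int pack_code(struct packer *p, int code)
{
    if (p->cur_bits < 0 || p->cur_bits >= MASK_COUNT)
        return -1; /* bounds check: never index masks[] with a bad value */
    p->accum &= masks[p->cur_bits];
    p->accum |= (unsigned long)code << p->cur_bits;
    p->cur_bits += p->n_bits;
    while (p->cur_bits >= 8) { p->accum >>= 8; p->cur_bits -= 8; } /* emit bytes */
    if (code == p->eof_code) {
        /* Final flush assumes no more data follows: cur_bits can end below 0. */
        while (p->cur_bits > 0) { p->accum >>= 8; p->cur_bits -= 8; }
        if (p->reset_after_eof) p->cur_bits = 0;
    }
    return 0;
}

/* Returns the position of the first rejected code, or -1 if all were packed. */
static int first_rejected(const int *codes, int n, int reset_after_eof)
{
    struct packer p = {0, 0, 9, 257, reset_after_eof};
    for (int i = 0; i < n; i++)
        if (pack_code(&p, codes[i]) != 0) return i;
    return -1;
}

int main(void)
{
    const int codes[] = {1, 257, 2}; /* constructed: EOF marker before the end */
    printf("no reset: %d, reset: %d\n", first_rejected(codes, 3, 0), first_rejected(codes, 3, 1));
    return 0;
}
```

Without the reset, the code that follows the early EOF marker arrives with cur_bits at -6 and is rejected by the bounds check; with the reset, the same stream is packed without touching memory outside masks[].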
