Bug 923945 (CVE-2014-9709) - VUL-0: CVE-2014-9709: gd: buffer read overflow in gd_gif_in.c
Summary: VUL-0: CVE-2014-9709: gd: buffer read overflow in gd_gif_in.c
Status: RESOLVED FIXED
Alias: CVE-2014-9709
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Minor
Target Milestone: ---
Deadline: 2015-07-01
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/114992/
Whiteboard: maint:released:sle11-sp1:61286 maint:...
Keywords:
Depends on:
Blocks: 923946
  Show dependency treegraph
 
Reported: 2015-03-24 10:44 UTC by Marcus Meissner
Modified: 2016-08-08 14:26 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
CVE-2014-9709.gif (2.51 KB, image/gif)
2015-05-12 11:52 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-03-24 10:44:11 UTC 
via oss-sec

From: Francisco Alonso <falonsoe@redhat.com>
Date: Mon, 23 Mar 2015 10:59:23 -0400 (EDT)
Subject: [oss-security] CVE Request: gd buffer read overflow in gd_gif_in.c


gd: buffer read overflow in gd_gif_in.c
https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
https://bugs.php.net/bug.php?id=68601
https://bugzilla.redhat.com/show_bug.cgi?id=1188639
Comment 1 Petr Gajdos 2015-03-24 13:48:45 UTC 
Fixed for factory (2.1.1).
Comment 3 Petr Gajdos 2015-03-24 14:49:58 UTC 
Affected down to 10sp2.
Comment 4 Petr Gajdos 2015-03-24 14:50:49 UTC 
QA: no testcase, 'possible buffer read overflow'
Comment 5 Petr Gajdos 2015-03-24 14:54:50 UTC 
Packages submitted.
Comment 7 Swamp Workflow Management 2015-03-24 15:40:53 UTC 
An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2015-04-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61283
Comment 8 Marcus Meissner 2015-03-24 15:53:47 UTC 
I asked for a reproducer in the php bug.
Comment 10 Swamp Workflow Management 2015-03-31 11:05:08 UTC 
openSUSE-SU-2015:0637-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 923945
CVE References: CVE-2014-9709
Sources used:
openSUSE 13.2 (src):    gd-2.1.0-7.5.1
openSUSE 13.1 (src):    gd-2.0.36.RC1-78.4.1
Comment 11 Swamp Workflow Management 2015-05-07 20:05:35 UTC 
SUSE-SU-2015:0835-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 923945
CVE References: CVE-2014-9709
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    gd-2.0.36.RC1-52.20.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    gd-2.0.36.RC1-52.20.1
SUSE Linux Enterprise Server 11 SP3 (src):    gd-2.0.36.RC1-52.20.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    gd-2.0.36.RC1-52.20.1
Comment 12 Marcus Meissner 2015-05-12 11:52:56 UTC 
Created attachment 633947 [details]
CVE-2014-9709.gif

giftogd2 CVE-2014-9709.gif foo.gd2 1 1


seems to crash only with address sanitizer.
Comment 13 Swamp Workflow Management 2015-05-13 13:05:54 UTC 
SUSE-SU-2015:0866-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 923945
CVE References: CVE-2014-9709
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    gd-2.1.0-5.1
SUSE Linux Enterprise Software Development Kit 12 (src):    gd-2.1.0-5.1
SUSE Linux Enterprise Server 12 (src):    gd-2.1.0-5.1
SUSE Linux Enterprise Desktop 12 (src):    gd-2.1.0-5.1
Comment 14 Sebastian Krahmer 2015-05-18 12:14:56 UTC 
seems to be resolved
Comment 15 Swamp Workflow Management 2015-06-03 12:37:39 UTC 
An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2015-07-01.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61877
Comment 16 Swamp Workflow Management 2016-06-21 11:13:14 UTC 
SUSE-SU-2016:1638-1: An update that fixes 85 vulnerabilities is now available.

Category: security (important)
Bug References: 884986,884987,884989,884990,884991,884992,885961,886059,886060,893849,893853,902357,902360,902368,910659,914690,917150,918768,919080,921950,922451,922452,923945,924972,925109,928506,928511,931421,931769,931772,931776,933227,935074,935224,935226,935227,935229,935232,935234,935274,935275,938719,938721,942291,942296,945412,945428,949961,968284,969821,971611,971612,971912,973351,973792,976996,976997,977003,977005,977991,977994,978827,978828,978829,978830,980366,980373,980375,981050,982010,982011,982012,982013,982162
CVE References: CVE-2004-1019,CVE-2006-7243,CVE-2014-0207,CVE-2014-3478,CVE-2014-3479,CVE-2014-3480,CVE-2014-3487,CVE-2014-3515,CVE-2014-3597,CVE-2014-3668,CVE-2014-3669,CVE-2014-3670,CVE-2014-4049,CVE-2014-4670,CVE-2014-4698,CVE-2014-4721,CVE-2014-5459,CVE-2014-8142,CVE-2014-9652,CVE-2014-9705,CVE-2014-9709,CVE-2014-9767,CVE-2015-0231,CVE-2015-0232,CVE-2015-0273,CVE-2015-1352,CVE-2015-2301,CVE-2015-2305,CVE-2015-2783,CVE-2015-2787,CVE-2015-3152,CVE-2015-3329,CVE-2015-3411,CVE-2015-3412,CVE-2015-4021,CVE-2015-4022,CVE-2015-4024,CVE-2015-4026,CVE-2015-4116,CVE-2015-4148,CVE-2015-4598,CVE-2015-4599,CVE-2015-4600,CVE-2015-4601,CVE-2015-4602,CVE-2015-4603,CVE-2015-4643,CVE-2015-4644,CVE-2015-5161,CVE-2015-5589,CVE-2015-5590,CVE-2015-6831,CVE-2015-6833,CVE-2015-6836,CVE-2015-6837,CVE-2015-6838,CVE-2015-7803,CVE-2015-8835,CVE-2015-8838,CVE-2015-8866,CVE-2015-8867,CVE-2015-8873,CVE-2015-8874,CVE-2015-8879,CVE-2016-2554,CVE-2016-3141,CVE-2016-3142,CVE-2016-3185,CVE-2016-4070,CVE-2016-4073,CVE-2016-4342,CVE-2016-4346,CVE-2016-4537,CVE-2016-4538,CVE-2016-4539,CVE-2016-4540,CVE-2016-4541,CVE-2016-4542,CVE-2016-4543,CVE-2016-4544,CVE-2016-5093,CVE-2016-5094,CVE-2016-5095,CVE-2016-5096,CVE-2016-5114
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    php53-5.3.17-47.1