Bug 213020 - graphics/gd: Fix integer overflow in gdImageWebpCtx
Summary: graphics/gd: Fix integer overflow in gdImageWebpCtx
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Dirk Meyer
URL: https://github.com/libgd/libgd/issues...
Keywords: patch, security
Depends on: 213023
Blocks:
  Show dependency treegraph
 
Reported: 2016-09-27 13:27 UTC by VK
Modified: 2016-10-16 18:45 UTC (History)
4 users (show)

See Also:
dinoex: maintainer-feedback+
dinoex: merge-quarterly-

Attachments
Fix integer overflow in gdImageWebpCtx (1.68 KB, patch)
2016-09-27 13:27 UTC, VK 		vlad-fbsd: maintainer-approval? (dinoex)
 Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description VK 2016-09-27 13:27:17 UTC 
Created attachment 175197 [details]
Fix integer overflow in gdImageWebpCtx

An integer overflow issue was found in function gdImageWebpCtx of file gd_webp.c which could lead to heap buffer overflow.

* Upstream issue:
  https://github.com/libgd/libgd/issues/308

* Upstream commit:
  https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03

* CVE request:
  http://seclists.org/oss-sec/2016/q3/626

Patch attached. Passes Poudriere build with 11.0-RELEASE amd64. Running build tests for 10.3 and 9.3.

VuXML entry coming up.

CC ports-secteam and maintainers of php70-gd and php56-gd.
Comment 1 VK 2016-09-27 14:20:15 UTC 
Passes Poudriere builds for 10.3-p9 and 9.3-p47, both amd64.
Comment 2 VK 2016-10-15 20:21:35 UTC 
Maintainer timeout, back to the pool.
Comment 3 Dirk Meyer freebsd_committer freebsd_triage 2016-10-16 18:31:03 UTC 
option is disabled, so the patch is a no op
marked for later.
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-10-16 18:41:57 UTC 
A commit references this bug:

Author: dinoex
Date: Sun Oct 16 18:41:21 UTC 2016
New revision: 424078
URL: https://svnweb.freebsd.org/changeset/ports/424078

Log:
  - fix option WEBP
  - make option WEBP default
  PR:		211368

  - Security patch, port was not vulnerable
  Security: https://github.com/libgd/libgd/issues/308
  Security: http://seclists.org/oss-sec/2016/q3/626
  Security: CVE-2016-7568
  PR:		213020

Changes:
  head/graphics/gd/Makefile
  head/graphics/gd/files/patch-gd_webp.c
Comment 5 Dirk Meyer freebsd_committer freebsd_triage 2016-10-16 18:45:05 UTC 
port was bot vulnerable, option was disabled.