libgd: signedness vulnerability (CVE-2016-3074)

Created: 2016-11-16 12:58:48 UTC

Modified: 2017-08-08 13:33:49 UTC


Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 12.0 for Linux

Symptoms

An integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. This major security issue has been assigned CVE-2016-3074.

PHP packaged by the Plesk team uses this library and could be affected.
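
The bug class named above, shown as an added illustration in C (not libgd or Plesk code; the structure, function names and sample bytes are hypothetical and constructed): a size field read from untrusted data as a signed integer passes an upper-bound-only check when it is negative, then becomes a huge length once converted to an unsigned type. The hardened check rejects negative fields first.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical chunk-index entry; field names are illustrative, not libgd's. */
struct chunk_entry {
    int32_t offset;   /* read from the untrusted file */
    int32_t size;     /* read from the untrusted file, signed */
};

/* Decode a big-endian 32-bit field as a signed value, as a file parser would. */
static int32_t read_be32(const unsigned char *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    int32_t out;
    memcpy(&out, &v, sizeof out);   /* well-defined reinterpretation */
    return out;
}

/* Weak check: upper bound only. A negative size compares as "small enough". */
static int size_ok_weak(const struct chunk_entry *e, int32_t buf_cap)
{
    return e->size <= buf_cap;
}

/* Hardened check: reject negative fields before any unsigned conversion. */
static int size_ok_hardened(const struct chunk_entry *e, int32_t buf_cap)
{
    if (e->offset < 0 || e->size < 0)
        return 0;
    return e->size <= buf_cap;
}

/* Length a read or copy routine would see after conversion to size_t. */
static size_t effective_length(const struct chunk_entry *e)
{
    return (size_t)e->size;
}

/* Constructed sample: an index entry whose size field decodes to -1. */
static struct chunk_entry sample_entry(void)
{
    static const unsigned char raw[8] = {0, 0, 0, 0x10, 0xFF, 0xFF, 0xFF, 0xFF};
    struct chunk_entry e = { read_be32(raw), read_be32(raw + 4) };
    return e;
}
```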

Resolution

Affected PHP versions have already been updated by the vendor to include fixes for this security issue. The Plesk team has also updated PHP in our package to close this security threat; the fix is included in the recent Micro-Updates:

For Plesk versions below 12.0 there is no PHP package from the Plesk team; please apply the updates released by the OS vendor:

Plesk takes the security of our customers very seriously and encourages you to apply updates as soon as possible.
