PublicDateAtUSN: 2016-12-31
Candidate: CVE-2016-10168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168
http://www.openwall.com/lists/oss-security/2017/01/26/1
https://usn.ubuntu.com/usn/usn-3213-1
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before
2.2.4 allows remote attackers to have unspecified impact via vectors
involving the number of horizontal and vertical chunks in an image.
mdeslaur> php uses the system libgd2
upstream: https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
upstream_libgd2: needed
precise_libgd2: released (2.0.36~rc1~dfsg-6ubuntu2.4)
trusty_libgd2: released (2.1.0-3ubuntu0.6)
vivid/stable-phone-overlay_libgd2: DNE
vivid/ubuntu-core_libgd2: DNE
xenial_libgd2: released (2.1.1-4ubuntu0.16.04.6)
yakkety_libgd2: released (2.2.1-1ubuntu3.3)
devel_libgd2: not-affected (2.2.4-2)
upstream_php5: released (5.6.30)
precise_php5: not-affected (uses system gd)
trusty_php5: not-affected (uses system gd)
vivid/ubuntu-core_php5: DNE
vivid/stable-phone-overlay_php5: DNE
upstream_php7.0: released (7.0.15)
vivid/ubuntu-core_php7.0: DNE
vivid/stable-phone-overlay_php7.0: DNE
xenial_php7.0: not-affected (uses system gd)
yakkety_php7.0: not-affected (uses system gd)
devel_php7.0: not-affected (uses system gd)
upstream_php7.1: released (7.1.1)
vivid/ubuntu-core_php7.1: DNE
vivid/stable-phone-overlay_php7.1: DNE
devel_php7.1: not-affected (uses system gd)