Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability

======================================================================

                    Secunia Research 03/08/2016

           LibGD "_gdContributionsAlloc()" Integer Overflow 
	              Denial of Service Vulnerability

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

* LibGD version 2.2.2.
  Prior versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Denial of Service
Where:  From remote

======================================================================
3) Description of Vulnerabilities

Secunia Research has discovered a vulnerability in LibGD, which can
be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an integer overflow error within
the "_gdContributionsAlloc()" function (gd_interpolation.c) 
and can be exploited to cause an out-of-bounds memory write access 
or exhaust available memory.

======================================================================
4) Solution

Update to version 2.2.3.

======================================================================
5) Time Table

03/07/2016 - Initial contact with vendor.
03/07/2016 - Vendor responds and confirms the issue and sends a patch.
07/07/2016 - Replied to the vendor the patch is incomplete.
13/07/2016 - CVE requested from Mitre.
13/07/2016 - Mitre assigns CVE-2016-6207 for the issue.
19/07/2016 - Vendor patches the issue in the source code repository.
19/07/2016 - Release of Secunia Advisory SA71416
22/07/2016 - Vendor releases fixed version 2.2.3.
03/08/2016 - Public disclosure of Research Advisory.

======================================================================
6) Credits

Discovered by Kasper Leigh Haabb, Secunia Research at Flexera
Software.

======================================================================
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
the CVE-2016-6207 identifier for the vulnerability.

======================================================================
8) About Secunia (now part of Flexera Software)

In September 2015, Secunia has been acquired by Flexera Software:

https://secunia.com/blog/435/

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/products/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/company/jobs/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2016-9/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================