Jump to content

Advisories (MDKSA-2006:113 ): tetex


Recommended Posts

Mandriva Advisories MDKSA-2006:113 : tetex


Updated tetex packages fix embedded GD vulnerabilities

June 27th, 2006


Integer overflows were reported in the GD Graphics Library (libgd)


2.0.28, and possibly other versions. These overflows allow remote


attackers tocause a denial of service and possibly execute arbitrary


code via PNG image files with large image rows values that lead to a


heap-based buffer overflow in the gdImageCreateFromPngCtx() function.


Tetex contains an embedded copy of the GD library code. (CAN-2004-0941)




The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas


Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers


to cause a denial of service (CPU consumption) via malformed GIF data that


causes an infinite loop.Tetex contains an embedded copy of the GD library


code. (CVE-2006-2906)




Updated packages have been patched to address both issues.



The released versions of Mandriva GNU/Linux affected are:

  • 10.2
  • 2006.0

Full information about this advisory, including the updated packages, is available at:



Other references:




Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)

Link to comment
Share on other sites


  • Create New...