The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.
La función read_image_tga en gd_tga.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo TGA manipulado, relacionado con el búfer de descompresión.
Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that the GD library incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service. Various other issues were also addressed.
