user/libgd: multiple vulnerabilities
Bugzilla ID | 159 |
Alias(es) | CVE-2018-1000222, CVE-2018-5711, CVE-2019-6977, CVE-2019-6978 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-31 10:15:54 -0500 |
Modified | 2019-10-03 11:48:29 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Description
CVE-2018-1000222: https://nvd.nist.gov/vuln/detail/CVE-2018-1000222
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability
in gdImageBmpPtr Function that can result in Remote Code Execution .
This attack appear to be exploitable via Specially Crafted Jpeg Image
can trigger double free. This vulnerability appears to have been fixed
in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.
CVE-2019-6977: https://nvd.nist.gov/vuln/detail/CVE-2019-6977
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka
LibGD) 2.2.5, as used in the imagecolormatch function in PHP before
5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before
7.3.1, has a heap-based buffer overflow. This can be exploited by an
attacker who is able to trigger imagecolormatch calls with crafted
image data.
CVE-2019-6978: https://nvd.nist.gov/vuln/detail/CVE-2019-6978
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the
gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.
NOTE: PHP is unaffected.