user/libgd: CVE-2018-14553: NULL pointer dereference
Bugzilla ID | 240 |
Alias(es) | CVE-2018-14553 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-02-24 23:22:11 -0600 |
Modified | 2020-03-09 21:56:49 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2018-14553 |
Description
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL
pointer dereference allowing attackers to crash an application via a
specific function call sequence. Only affects PHP when linked with an
external libgd (not bundled).