[3.9] gd: Multiple vulnerabilities (CVE-2018-5711, CVE-2019-6977, CVE-2019-6978)
CVE-2018-5711: It was discovered that there was a denial-of-service
vulnerability in the libgd2 image library. A corrupt file could exploit
a signedness confusion, leading to an infinite loop.
References:
https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html
Patch:
https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
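The bug class named in CVE-2018-5711, as an added example that is not libgd's code and not part of the original report: a reader signals end of input with -1, and the caller's loop only terminates if that value is kept in a signed type. The block format, read_block, the drain_* functions and the input bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed inputs: one 2-byte sub-block; the first stream is cut off
   before the zero-length terminator block, the second includes it. */
static const unsigned char truncated[] = { 0x02, 0xAA, 0xBB };
static const unsigned char complete[]  = { 0x02, 0xAA, 0xBB, 0x00 };
struct stream { const unsigned char *p; size_t len, pos; };

/* Hypothetical reader: returns the payload length, 0 for the terminator,
   or -1 when the input ends early. */
static int read_block(struct stream *s, unsigned char *out)
{
    if (s->pos >= s->len) return -1;
    size_t n = s->p[s->pos++];
    if (s->len - s->pos < n) return -1;
    for (size_t i = 0; i < n; i++) out[i] = s->p[s->pos + i];
    s->pos += n;
    return (int)n;
}

#define MAX_ITER 1000 /* guard so the demonstration itself terminates */

/* Before: the int result is narrowed to unsigned char, so -1 becomes 255
   and the "<= 0" test only ever fires on the 0 terminator. */
static int drain_unsigned(const unsigned char *d, size_t len)
{
    struct stream s = { d, len, 0 };
    unsigned char buf[255], count;
    for (int iter = 1; iter <= MAX_ITER; iter++)
        if ((count = (unsigned char)read_block(&s, buf)) <= 0) return iter;
    return -1; /* only the guard stopped the loop */
}

/* After: the result stays in an int, so -1 ends the loop. */
static int drain_signed(const unsigned char *d, size_t len)
{
    struct stream s = { d, len, 0 };
    unsigned char buf[255]; int count;
    for (int iter = 1; iter <= MAX_ITER; iter++)
        if ((count = read_block(&s, buf)) <= 0) return iter;
    return -1; /* not reached for the inputs above */
}

int main(void)
{
    printf("truncated: %d vs %d\n", drain_unsigned(truncated, sizeof truncated), drain_signed(truncated, sizeof truncated));
    printf("complete:  %d vs %d\n", drain_unsigned(complete, sizeof complete), drain_signed(complete, sizeof complete));
    return 0;
}
```

Both variants behave the same on well-formed input; only the truncated stream separates them, which is why this kind of defect tends to surface through malformed-file testing rather than normal use.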
CVE-2019-6977: gdImageColorMatch in gd_color_match.c in the GD
Graphics Library (aka LibGD) 2.2.5 has a heap-based buffer overflow.
This can be exploited by an attacker who is able to trigger
imagecolormatch calls with crafted image data.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6977
Patch:
https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
CVE-2019-6978: The GD Graphics Library (aka LibGD) 2.2.5 has a
double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c,
and gd_wbmp.c. NOTE: PHP is unaffected.
References:
https://github.com/libgd/libgd/issues/492
https://nvd.nist.gov/vuln/detail/CVE-2019-6978
Patch:
https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
(from redmine: issue id 10084, created on 2019-03-11, closed on 2019-04-15)
- Relations:
  - parent #10083 (closed)
- Changesets:
  - Revision 2af60a5c on 2019-04-08T12:47:56Z:
    main/gd: modernize and add security patches
    CVE-2018-5711, CVE-2019-6977, CVE-2019-6978
    Fixes #10084