[3.8] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222) (#9499) · Issues · alpine / aports

[3.8] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result
in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free.
This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.

References:

https://github.com/libgd/libgd/issues/447
https://nvd.nist.gov/vuln/detail/CVE-2018-1000222

Patch:

https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5

(from redmine: issue id 9499, created on 2018-10-02, closed on 2018-10-04)

Relations:
- parent #9497 (closed)
Changesets:
- Revision 0b188437 by Natanael Copa on 2018-10-02T14:05:06Z:

main/gd: backport security fix for CVE-2018-1000222

fixes #9499

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information