[3.6] gd: Multiple vulnerabilities (CVE-2018-5711, CVE-2019-6977, CVE-2019-6978)
CVE-2018-5711: It was discovered that there was a denial-of-service
attack in the
libgd2 image library. A corrupt file could have exploited a signedness
confusion leading to an infinite loop.
CVE-2019-6977: gdImageColorMatch in gd_color_match.c in the GD
Graphics Library (aka LibGD) 2.2.5, has a heap-based
buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
CVE-2019-6978: The GD Graphics Library (aka LibGD) 2.2.5 has a
double free in the gdImage*Ptr()
functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
(from redmine: issue id 10087, created on 2019-03-11, closed on 2019-04-15)
main/gd: modernize and add security patches CVE-2018-5711, CVE-2019-6977, CVE-2019-6978 Fixes #10087