Univention Bugzilla – Bug 48596
libgd2: Multiple issues (4.2)
Last modified: 2019-02-06 12:55:59 CET
New Debian libgd2 2.1.0-5+deb8u12 fixes:

This update addresses the following issues:
* Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)
* Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)
* gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. (CVE-2019-6977)
* The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. (CVE-2019-6978)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/libgd2_2.1.0-5+deb8u11.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/libgd2_2.1.0-5+deb8u12.dsc @@ -1,3 +1,18 @@ +2.1.0-5+deb8u12 [Wed, 30 Jan 2019 19:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2019-6977 + Fix for potential double free in gdImage*Ptr() + * CVE-2019-6978 + Fix for a heap-based buffer overflow, exploitable with + crafted image data. + * CVE-2018-1000222 + Fix for a double free vulnerability by a crafted image, + that can result in remote code execution. + * CVE-2018-5711 + Fix for a integer signedness error that leads to an + infinite loop via a crafted GIF file. + 2.1.0-5+deb8u11 [Thu, 31 Aug 2017 14:31:50 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.2-5/#1313933890487732393>
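Review bot: in the added 2.1.0-5+deb8u12 changelog entry, the descriptions under CVE-2019-6977 and CVE-2019-6978 look swapped. The entry lists CVE-2019-6977 as "Fix for potential double free in gdImage*Ptr()" and CVE-2019-6978 as the heap-based buffer overflow, while the CVE summaries in this bug give CVE-2019-6977 as the heap-based buffer overflow in gdImageColorMatch and CVE-2019-6978 as the double free in the gdImage*Ptr() functions. The changelog text comes from the Debian upload, so the erratum description in doc/errata/staging/libgd2.yaml should follow the CVE summaries rather than copy these two changelog lines. Minor wording in the same entry: "Fix for a integer signedness error" should read "an integer".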
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] e562406233 Bug #48596: libgd2 2.1.0-5+deb8u12
 doc/errata/staging/libgd2.yaml | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

[4.2-5] 3507e26140 Bug #48596: libgd2 2.1.0-5+deb8u12
 doc/errata/staging/libgd2.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
<http://errata.software-univention.de/ucs/4.2/593.html>