Mageia 2019-0073 Critical: LibGD Buffer Overflow Exploit
mageia
February 13, 2019
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5 has a heap-based buffer overflow
Summary
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka
LibGD) 2.2.5 has a heap-based buffer overflow. This can be exploited by an
attacker who is able to trigger calls to the function with crafted image
data (CVE-2019-6977).
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the
gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c
(CVE-2019-6978).
References
- https://bugs.mageia.org/show_bug.cgi?id=24336
- https://lists.debian.org/debian-security-announce/2019/msg00023.html
- https://www.cve.org/CVERecord?id=CVE-2019-6977
- https://www.cve.org/CVERecord?id=CVE-2019-6978
Resolution
SRPMS
- 6/core/libgd-2.2.5-2.3.mga6
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 13 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0073.html
Type: security
CVE: CVE-2019-6977,
CVE-2019-6978
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!