Advisories ยป MGASA-2019-0073

Updated libgd packages fix security vulnerability

Publication date: 13 Feb 2019
Modification date: 13 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-6977 , CVE-2019-6978

Description

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka
LibGD) 2.2.5 has a heap-based buffer overflow. This can be exploited by an
attacker who is able to trigger calls to the function with crafted image
data (CVE-2019-6977).

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the
gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c
(CVE-2019-6978).
                

References

SRPMS

6/core