Advisories » MGASA-2019-0073

Updated libgd packages fix security vulnerability

Publication date: 13 Feb 2019
Modification date: 13 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-6977 , CVE-2019-6978

Description

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka
LibGD) 2.2.5 has a heap-based buffer overflow. This can be exploited by an
attacker who is able to trigger calls to the function with crafted image
data (CVE-2019-6977).

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the
gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c
(CVE-2019-6978).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24336
• https://www.debian.org/security/2019/dsa-4384
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978

SRPMS

6/core

• libgd-2.2.5-2.3.mga6