Updated libgd packages fix security vulnerabilityPublication date: 13 Feb 2019
Affected Mageia releases : 6
CVE: CVE-2019-6977 , CVE-2019-6978
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5 has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger calls to the function with crafted image data (CVE-2019-6977). The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978).