Vulnerabilities > CVE-2018-14553 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 | |
OS | 1 | |
OS | 4 | |
OS | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-332.NASL description This update for gd fixes the following issues : Security issue fixed : - CVE-2018-14553: Fixed a NULL pointer dereference in gdImageClone (bsc#1165471). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-03-18 modified 2020-03-11 plugin id 134398 published 2020-03-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134398 title openSUSE Security Update : gd (openSUSE-2020-332) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2020-332. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(134398); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13"); script_cve_id("CVE-2018-14553", "CVE-2019-11038"); script_name(english:"openSUSE Security Update : gd (openSUSE-2020-332)"); script_summary(english:"Check for the openSUSE-2020-332 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for gd fixes the following issues : Security issue fixed : - CVE-2018-14553: Fixed a NULL pointer dereference in gdImageClone (bsc#1165471). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140120" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1165471" ); script_set_attribute(attribute:"solution", value:"Update the affected gd packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11038"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gd-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgd3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgd3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgd3-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgd3-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.1", reference:"gd-2.2.5-lp151.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gd-debuginfo-2.2.5-lp151.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gd-debugsource-2.2.5-lp151.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gd-devel-2.2.5-lp151.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgd3-2.2.5-lp151.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libgd3-debuginfo-2.2.5-lp151.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libgd3-32bit-2.2.5-lp151.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libgd3-32bit-debuginfo-2.2.5-lp151.6.6.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gd / gd-debuginfo / gd-debugsource / gd-devel / libgd3 / etc"); }
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2020-083-01.NASL description New gd packages are available for Slackware 14.2 and -current to fix security issues. last seen 2020-03-26 modified 2020-03-24 plugin id 134850 published 2020-03-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134850 title Slackware 14.2 / current : gd (SSA:2020-083-01) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2106.NASL description A vulnerability was discovered in libgd2, the GD graphics library, whereby an attacker can employ a specific function call sequence to trigger a NULL pointer dereference, subsequently crash the application using libgd2, and create a denial of service. For Debian 8 last seen 2020-03-17 modified 2020-02-18 plugin id 133730 published 2020-02-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133730 title Debian DLA-2106-1 : libgd2 security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0623-1.NASL description This update for gd fixes the following issues : CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241). CVE-2018-14553: Fixed a NULL pointer dereference in gdImageClone() (bsc#1165471). CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-03-10 plugin id 134366 published 2020-03-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134366 title SUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2020:0623-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0594-1.NASL description This update for gd fixes the following issues : Security issue fixed : CVE-2018-14553: Fixed a NULL pointer dereference in gdImageClone (bsc#1165471). CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-03-06 plugin id 134297 published 2020-03-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134297 title SUSE SLED15 / SLES15 Security Update : gd (SUSE-SU-2020:0594-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0213_LIBGD.NASL description An update of the libgd package has been released. last seen 2020-03-17 modified 2020-03-11 plugin id 134422 published 2020-03-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134422 title Photon OS 2.0: Libgd PHSA-2020-2.0-0213 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-3_0-0063_LIBGD.NASL description An update of the libgd package has been released. last seen 2020-03-17 modified 2020-03-02 plugin id 134210 published 2020-03-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134210 title Photon OS 3.0: Libgd PHSA-2020-3.0-0063
References
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1599032
- https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f
- https://github.com/libgd/libgd/pull/580
- https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html
- https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
- https://usn.ubuntu.com/4316-1/
- https://usn.ubuntu.com/4316-2/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html
- https://usn.ubuntu.com/4316-2/
- https://usn.ubuntu.com/4316-1/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
- https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html
- https://github.com/libgd/libgd/pull/580
- https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f
- https://bugzilla.redhat.com/show_bug.cgi?id=1599032