Vulnerabilities > CVE-2019-6978 - Double Free vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
libgd
debian
canonical
CWE-415
critical
nessus

Summary

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2722.NASL
    descriptionAn update for libwmf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick. Security Fix(es) : * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128852
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128852
    titleRHEL 8 : libwmf (RHSA-2019:2722)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:2722. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128852);
      script_version("1.5");
      script_cvs_date("Date: 2020/01/30");
    
      script_cve_id("CVE-2019-6978");
      script_xref(name:"RHSA", value:"2019:2722");
    
      script_name(english:"RHEL 8 : libwmf (RHSA-2019:2722)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for libwmf is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    The libwmf packages provide a library for reading and converting
    Windows Metafile Format (WMF) vector graphics. The library is used by
    applications such as GIMP and ImageMagick.
    
    Security Fix(es) :
    
    * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and
    gd_wbmp.c (CVE-2019-6978)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:2722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-6978"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf-lite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf-lite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:2722";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libwmf-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libwmf-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libwmf-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"aarch64", reference:"libwmf-debuginfo-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libwmf-debuginfo-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libwmf-debuginfo-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libwmf-debuginfo-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"aarch64", reference:"libwmf-debugsource-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libwmf-debugsource-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libwmf-debugsource-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libwmf-debugsource-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"aarch64", reference:"libwmf-devel-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"libwmf-devel-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"s390x", reference:"libwmf-devel-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"libwmf-devel-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libwmf-lite-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libwmf-lite-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libwmf-lite-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"aarch64", reference:"libwmf-lite-debuginfo-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libwmf-lite-debuginfo-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libwmf-lite-debuginfo-0.2.9-8.el8_0")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libwmf-lite-debuginfo-0.2.9-8.el8_0")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libwmf / libwmf-debuginfo / libwmf-debugsource / libwmf-devel / etc");
      }
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1174.NASL
    descriptionThe GD Graphics Library (aka LibGD) has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. (CVE-2019-6978)
    last seen2020-06-01
    modified2020-06-02
    plugin id123083
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123083
    titleAmazon Linux AMI : libwmf (ALAS-2019-1174)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1148.NASL
    descriptionThis update for gd fixes the following issues : Security issues fixed : - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123777
    published2019-04-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123777
    titleopenSUSE Security Update : gd (openSUSE-2019-1148)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2020-083-01.NASL
    descriptionNew gd packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-03-26
    modified2020-03-24
    plugin id134850
    published2020-03-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134850
    titleSlackware 14.2 / current : gd (SSA:2020-083-01)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-76FBE24CAB.NASL
    description - CVE-2019-6978: double free in the gdImage*Ptr in gd_jpeg.c, and gd_wbmp.c Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122074
    published2019-02-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122074
    titleFedora 29 : libwmf (2019-76fbe24cab)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1715.NASL
    descriptionAccording to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-22
    plugin id126843
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126843
    titleEulerOS 2.0 SP2 : gd (EulerOS-SA-2019-1715)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-D7F8995451.NASL
    descriptionfixed multiple security bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130800
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130800
    titleFedora 29 : gd (2019-d7f8995451)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1250.NASL
    descriptionAccording to the version of the gd package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123718
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123718
    titleEulerOS Virtualization 2.5.4 : gd (EulerOS-SA-2019-1250)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-2722.NASL
    descriptionFrom Red Hat Security Advisory 2019:2722 : An update for libwmf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick. Security Fix(es) : * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128847
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128847
    titleOracle Linux 8 : libwmf (ELSA-2019-2722)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1064.NASL
    descriptionAccording to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-03-08
    plugin id122687
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122687
    titleEulerOS 2.0 SP5 : gd (EulerOS-SA-2019-1064)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0771-1.NASL
    descriptionThis update for gd fixes the following issues : Security issues fixed : CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123447
    published2019-03-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123447
    titleSUSE SLED15 / SLES15 Security Update : gd (SUSE-SU-2019:0771-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1174.NASL
    descriptionThe GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978)
    last seen2020-06-01
    modified2020-06-02
    plugin id122680
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122680
    titleAmazon Linux 2 : libwmf (ALAS-2019-1174)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-13961-1.NASL
    descriptionThis update for php53 fixes the following issues : Security issues fixed : CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122231
    published2019-02-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122231
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2019:13961-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-207.NASL
    descriptionThis update for php7 fixes the following issues : Security issue fixed : - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id122394
    published2019-02-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122394
    titleopenSUSE Security Update : php7 (openSUSE-2019-207)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-AB7D22A466.NASL
    descriptionfixed multiple security bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130792
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130792
    titleFedora 30 : gd (2019-ab7d22a466)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0333-1.NASL
    descriptionThis update for php7 fixes the following issues : Security issue fixed : CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122146
    published2019-02-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122146
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2019:0333-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1651.NASL
    descriptionSeveral issues in libgd2, a graphics library that allows to quickly draw images, have been found. CVE-2019-6977 A potential double free in gdImage*Ptr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2019-6978 Simon Scannell found a heap-based buffer overflow, exploitable with crafted image data. CVE-2018-1000222 A new double free vulnerabilities in gdImageBmpPtr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2018-5711 Due to an integer signedness error the GIF core parsing function can enter an infinite loop. This will lead to a Denial of Service and exhausted server resources. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id121483
    published2019-01-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121483
    titleDebian DLA-1651-1 : libgd2 security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1647.NASL
    descriptionAccording to the versions of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.(CVE-2019-6977) - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978) - Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. (CVE-2018-1000222) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-06-27
    plugin id126274
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126274
    titleEulerOS 2.0 SP8 : gd (EulerOS-SA-2019-1647)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1091.NASL
    descriptionAccording to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-03-26
    plugin id123104
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123104
    titleEulerOS 2.0 SP3 : gd (EulerOS-SA-2019-1091)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1140.NASL
    descriptionThis update for gd fixes the following issues : Security issues fixed : - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123770
    published2019-04-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123770
    titleopenSUSE Security Update : gd (openSUSE-2019-1140)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-7A06C0E6B4.NASL
    descriptionfixed multiple security bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131096
    published2019-11-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131096
    titleFedora 31 : gd (2019-7a06c0e6b4)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201903-18.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201903-18 (GD: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to process a specially crafted image, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id123424
    published2019-03-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123424
    titleGLSA-201903-18 : GD: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0747-1.NASL
    descriptionThis update for gd fixes the following issues : Security issues fixed : CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123411
    published2019-03-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123411
    titleSUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2019:0747-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-E9BC354EE8.NASL
    description - CVE-2019-6978: double free in the gdImage*Ptr in gd_jpeg.c, and gd_wbmp.c Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122082
    published2019-02-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122082
    titleFedora 28 : libwmf (2019-e9bc354ee8)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4384.NASL
    descriptionMultiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.
    last seen2020-06-01
    modified2020-06-02
    plugin id121576
    published2019-02-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121576
    titleDebian DSA-4384-1 : libgd2 - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3900-1.NASL
    descriptionIt was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122533
    published2019-03-01
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122533
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : libgd2 vulnerabilities (USN-3900-1)

Redhat

advisories
bugzilla
id1671390
titleCVE-2019-6978 gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 8 is installed
      ovaloval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • commentlibwmf-debugsource is earlier than 0:0.2.9-8.el8_0
          ovaloval:com.redhat.rhsa:tst:20192722001
        • commentlibwmf-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20192722002
      • AND
        • commentlibwmf-lite is earlier than 0:0.2.9-8.el8_0
          ovaloval:com.redhat.rhsa:tst:20192722003
        • commentlibwmf-lite is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20151917004
      • AND
        • commentlibwmf is earlier than 0:0.2.9-8.el8_0
          ovaloval:com.redhat.rhsa:tst:20192722005
        • commentlibwmf is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20151917002
      • AND
        • commentlibwmf-devel is earlier than 0:0.2.9-8.el8_0
          ovaloval:com.redhat.rhsa:tst:20192722007
        • commentlibwmf-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20151917006
rhsa
idRHSA-2019:2722
released2019-09-12
severityLow
titleRHSA-2019:2722: libwmf security update (Low)
rpms
  • libwmf-0:0.2.9-8.el8_0
  • libwmf-debuginfo-0:0.2.9-8.el8_0
  • libwmf-debugsource-0:0.2.9-8.el8_0
  • libwmf-devel-0:0.2.9-8.el8_0
  • libwmf-lite-0:0.2.9-8.el8_0
  • libwmf-lite-debuginfo-0:0.2.9-8.el8_0

References