CVE-2019-6978 - Double Free vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 2 |
OS | | 4 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Red Hat Local Security Checks
  - NASL id: REDHAT-RHSA-2019-2722.NASL
  - description: An update for libwmf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick. Security Fix(es) : * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 128852
  - published: 2019-09-16
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/128852
  - title: RHEL 8 : libwmf (RHSA-2019:2722)
  - code:

```nasl
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:2722. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(128852);
  script_version("1.5");
  script_cvs_date("Date: 2020/01/30");

  script_cve_id("CVE-2019-6978");
  script_xref(name:"RHSA", value:"2019:2722");

  script_name(english:"RHEL 8 : libwmf (RHSA-2019:2722)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for libwmf is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security
impact of Low. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link (s) in the References section.

The libwmf packages provide a library for reading and converting
Windows Metafile Format (WMF) vector graphics. The library is used by
applications such as GIMP and ImageMagick.

Security Fix(es) :

* gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and
gd_wbmp.c (CVE-2019-6978)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2019:2722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-6978"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf-lite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwmf-lite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/16");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2019:2722";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libwmf-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libwmf-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libwmf-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"aarch64", reference:"libwmf-debuginfo-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libwmf-debuginfo-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libwmf-debuginfo-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libwmf-debuginfo-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"aarch64", reference:"libwmf-debugsource-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libwmf-debugsource-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libwmf-debugsource-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libwmf-debugsource-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"aarch64", reference:"libwmf-devel-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"libwmf-devel-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"s390x", reference:"libwmf-devel-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"libwmf-devel-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libwmf-lite-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libwmf-lite-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libwmf-lite-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", sp:"0", cpu:"aarch64", reference:"libwmf-lite-debuginfo-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libwmf-lite-debuginfo-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libwmf-lite-debuginfo-0.2.9-8.el8_0")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libwmf-lite-debuginfo-0.2.9-8.el8_0")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libwmf / libwmf-debuginfo / libwmf-debugsource / libwmf-devel / etc");
  }
}
```
- NASL family: Amazon Linux Local Security Checks
  - NASL id: ALA_ALAS-2019-1174.NASL
  - description: The GD Graphics Library (aka LibGD) has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. (CVE-2019-6978)
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123083
  - published: 2019-03-26
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123083
  - title: Amazon Linux AMI : libwmf (ALAS-2019-1174)
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2019-1148.NASL
  - description: This update for gd fixes the following issues : Security issues fixed : - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). This update was imported from the SUSE:SLE-15:Update update project.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123777
  - published: 2019-04-05
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123777
  - title: openSUSE Security Update : gd (openSUSE-2019-1148)
- NASL family: Slackware Local Security Checks
  - NASL id: SLACKWARE_SSA_2020-083-01.NASL
  - description: New gd packages are available for Slackware 14.2 and -current to fix security issues.
  - last seen: 2020-03-26
  - modified: 2020-03-24
  - plugin id: 134850
  - published: 2020-03-24
  - reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/134850
  - title: Slackware 14.2 / current : gd (SSA:2020-083-01)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2019-76FBE24CAB.NASL
  - description: - CVE-2019-6978: double free in the gdImage*Ptr in gd_jpeg.c, and gd_wbmp.c Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 122074
  - published: 2019-02-11
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/122074
  - title: Fedora 29 : libwmf (2019-76fbe24cab)
- NASL family: Huawei Local Security Checks
  - NASL id: EULEROS_SA-2019-1715.NASL
  - description: According to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-05-06
  - modified: 2019-07-22
  - plugin id: 126843
  - published: 2019-07-22
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/126843
  - title: EulerOS 2.0 SP2 : gd (EulerOS-SA-2019-1715)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2019-D7F8995451.NASL
  - description: fixed multiple security bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 130800
  - published: 2019-11-12
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/130800
  - title: Fedora 29 : gd (2019-d7f8995451)
- NASL family: Huawei Local Security Checks
  - NASL id: EULEROS_SA-2019-1250.NASL
  - description: According to the version of the gd package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123718
  - published: 2019-04-04
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123718
  - title: EulerOS Virtualization 2.5.4 : gd (EulerOS-SA-2019-1250)
- NASL family: Oracle Linux Local Security Checks
  - NASL id: ORACLELINUX_ELSA-2019-2722.NASL
  - description: From Red Hat Security Advisory 2019:2722 : An update for libwmf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick. Security Fix(es) : * gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 128847
  - published: 2019-09-16
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/128847
  - title: Oracle Linux 8 : libwmf (ELSA-2019-2722)
- NASL family: Huawei Local Security Checks
  - NASL id: EULEROS_SA-2019-1064.NASL
  - description: According to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-05-06
  - modified: 2019-03-08
  - plugin id: 122687
  - published: 2019-03-08
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/122687
  - title: EulerOS 2.0 SP5 : gd (EulerOS-SA-2019-1064)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2019-0771-1.NASL
  - description: This update for gd fixes the following issues : Security issues fixed : CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123447
  - published: 2019-03-28
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123447
  - title: SUSE SLED15 / SLES15 Security Update : gd (SUSE-SU-2019:0771-1)
- NASL family: Amazon Linux Local Security Checks
  - NASL id: AL2_ALAS-2019-1174.NASL
  - description: The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978)
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 122680
  - published: 2019-03-08
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/122680
  - title: Amazon Linux 2 : libwmf (ALAS-2019-1174)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2019-13961-1.NASL
  - description: This update for php53 fixes the following issues : Security issues fixed : CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 122231
  - published: 2019-02-15
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/122231
  - title: SUSE SLES11 Security Update : php53 (SUSE-SU-2019:13961-1)
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2019-207.NASL
  - description: This update for php7 fixes the following issues : Security issue fixed : - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). This update was imported from the SUSE:SLE-12:Update update project.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 122394
  - published: 2019-02-22
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/122394
  - title: openSUSE Security Update : php7 (openSUSE-2019-207)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2019-AB7D22A466.NASL
  - description: fixed multiple security bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 130792
  - published: 2019-11-12
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/130792
  - title: Fedora 30 : gd (2019-ab7d22a466)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2019-0333-1.NASL
  - description: This update for php7 fixes the following issues : Security issue fixed : CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 122146
  - published: 2019-02-13
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/122146
  - title: SUSE SLES12 Security Update : php7 (SUSE-SU-2019:0333-1)
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DLA-1651.NASL
  - description: Several issues in libgd2, a graphics library that allows to quickly draw images, have been found. CVE-2019-6977 A potential double free in gdImage*Ptr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2019-6978 Simon Scannell found a heap-based buffer overflow, exploitable with crafted image data. CVE-2018-1000222 A new double free vulnerabilities in gdImageBmpPtr() has been reported by Solmaz Salimi (aka. Rooney). CVE-2018-5711 Due to an integer signedness error the GIF core parsing function can enter an infinite loop. This will lead to a Denial of Service and exhausted server resources. For Debian 8
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 121483
  - published: 2019-01-31
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/121483
  - title: Debian DLA-1651-1 : libgd2 security update
- NASL family: Huawei Local Security Checks
  - NASL id: EULEROS_SA-2019-1647.NASL
  - description: According to the versions of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.(CVE-2019-6977) - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978) - Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. (CVE-2018-1000222) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-05-03
  - modified: 2019-06-27
  - plugin id: 126274
  - published: 2019-06-27
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/126274
  - title: EulerOS 2.0 SP8 : gd (EulerOS-SA-2019-1647)
- NASL family: Huawei Local Security Checks
  - NASL id: EULEROS_SA-2019-1091.NASL
  - description: According to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.(CVE-2019-6978) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-05-06
  - modified: 2019-03-26
  - plugin id: 123104
  - published: 2019-03-26
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123104
  - title: EulerOS 2.0 SP3 : gd (EulerOS-SA-2019-1091)
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2019-1140.NASL
  - description: This update for gd fixes the following issues : Security issues fixed : - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). This update was imported from the SUSE:SLE-12:Update update project.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123770
  - published: 2019-04-05
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123770
  - title: openSUSE Security Update : gd (openSUSE-2019-1140)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2019-7A06C0E6B4.NASL
  - description: fixed multiple security bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 131096
  - published: 2019-11-18
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/131096
  - title: Fedora 31 : gd (2019-7a06c0e6b4)
- NASL family: Gentoo Local Security Checks
  - NASL id: GENTOO_GLSA-201903-18.NASL
  - description: The remote host is affected by the vulnerability described in GLSA-201903-18 (GD: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GD. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to process a specially crafted image, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround : There is no known workaround at this time.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123424
  - published: 2019-03-28
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123424
  - title: GLSA-201903-18 : GD: Multiple vulnerabilities
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2019-0747-1.NASL
  - description: This update for gd fixes the following issues : Security issues fixed : CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123411
  - published: 2019-03-27
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123411
  - title: SUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2019:0747-1)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2019-E9BC354EE8.NASL
  - description: - CVE-2019-6978: double free in the gdImage*Ptr in gd_jpeg.c, and gd_wbmp.c Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 122082
  - published: 2019-02-11
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/122082
  - title: Fedora 28 : libwmf (2019-e9bc354ee8)
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DSA-4384.NASL
  - description: Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 121576
  - published: 2019-02-05
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/121576
  - title: Debian DSA-4384-1 : libgd2 - security update
- NASL family: Ubuntu Local Security Checks
  - NASL id: UBUNTU_USN-3900-1.NASL
  - description: It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 122533
  - published: 2019-03-01
  - reporter: Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/122533
  - title: Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : libgd2 vulnerabilities (USN-3900-1)
References
- https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae
- https://github.com/libgd/libgd/issues/492
- https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
- https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
- https://www.debian.org/security/2019/dsa-4384
- https://usn.ubuntu.com/3900-1/
- https://security.gentoo.org/glsa/201903-18
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html
- https://access.redhat.com/errata/RHSA-2019:2722
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/