AVG-865

Package gd
Status Vulnerable
Severity Critical
Type multiple issues
Affected 2.2.5-1
Fixed Unknown
Current 2.2.5-1 [extra]
Ticket Create
Created Fri Feb 1 11:12:04 2019
Issue Severity Remote Type Description
CVE-2019-6978 Critical Yes Arbitrary code execution
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.
CVE-2019-6977 Critical Yes Arbitrary code execution
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before...
CVE-2018-1000222 Critical Yes Arbitrary code execution
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack...
CVE-2018-5711 Medium Yes Denial of service
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a...
References
https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html