Errata ID | 593 |
---|---|
Date | 2019-02-06 |
Source package | libgd2 |
Fixed in version | 2.1.0-5+deb8u12 |
Description | This update addresses the following issues:<br>* Denial of Service (DoS) via an infinite loop in the libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)<br>* Double free in src/gd_bump.c:gdImageBmpPtr() via a crafted JPEG (CVE-2018-1000222)<br>* gdImageColorMatch in gd_color_match.c has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. (CVE-2019-6977)<br>* The GD Graphics Library has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. (CVE-2019-6978) |
Additional notes | |
CVE ID | CVE-2018-5711, CVE-2018-1000222, CVE-2019-6977, CVE-2019-6978 |
UCS Bug number | #48596 |