Double Free in libgd2

Do your applications use this vulnerable package? Test your applications

Overview

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

References

CVE Details
Debian Security Advisory
Debian Security Announcement
Debian Security Tracker
FEDORA
FEDORA
FEDORA
FEDORA
Gentoo Security Advisory
GitHub Commit
GitHub Commit
GitHub Issue
OpenSuse Security Announcement
OpenSuse Security Announcement
REDHAT
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2019-6978
CWE: CWE-415
Snyk ID: SNYK-DEBIAN9-LIBGD2-382983
Disclosed: 28 Jan, 2019
Published: 28 Jan, 2019

Double Free
Affecting libgd2 package, versions <2.2.4-2+deb9u4

Overview

References

CVSS Score

Double Free Affecting libgd2 package, versions <2.2.4-2+deb9u4

Overview

References

Double Free
Affecting libgd2 package, versions <2.2.4-2+deb9u4