PT-2019-1692 · Gd+6 · Gd Graphics Library+6
Simon Scannell
Published: 2019-01-15 · Updated: 2024-06-15
CVE-2019-6978
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
The GD Graphics Library version 2.2.5
Description
The issue is a double free error in the gdImage*Ptr() functions within the files gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c of the graphics library. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations
For version 2.2.5, consider updating to a newer version that addresses the double free error in the gdImage*Ptr() functions to prevent potential exploitation. As a temporary workaround, consider restricting the use of the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c until a patch is available.
Fix
Double Free
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Centos
Gd Graphics Library
Red Hat
Rocky Linux
Suse
Ubuntu