PT-2019-1692 · Gd · Gd Graphics Library

Simon Scannell · Published 2019-01-15 · Updated 2024-06-15 · CVE-2019-6978

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

The GD Graphics Library version 2.2.5

Description

The issue is related to a double free error in the gdImage*Ptr() functions within the files gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c of the graphics library. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For version 2.2.5, consider updating to a newer version that addresses the double free error in the gdImage*Ptr() functions to prevent potential exploitation. As a temporary workaround, consider restricting the use of the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c until a patch is available.

Fix

Double Free


Weakness Enumeration

Related Identifiers

ALSA-2019:2722
ALSA-2020:4659
BDU:2019-01286
CESA-2019_2722
CESA-2020_3943
CESA-2020_4659
CVE-2019-6978
DLA-1651-1
DSA-4384-1
MGASA-2019-0073
MGASA-2019-0085
OPENSUSE-SU-2019:1148-1
OPENSUSE-SU-2019_0207-1
OPENSUSE-SU-2019_1140-1
OPENSUSE-SU-2019_1148-1
OPENSUSE-SU-2022_1516-1
OPENSUSE-SU-2024:10777-1
OPENSUSE-SU-2024:11012-1
RHSA-2019:2722
RHSA-2019_2722
RHSA-2020:3943
RHSA-2020:4659
RHSA-2020_3943
RHSA-2020_4659
RLSA-2019:2722
RLSA-2020:4659
SUSE-SU-2019:0333-1
SUSE-SU-2019:0747-1
SUSE-SU-2019:0771-1
SUSE-SU-2019:13961-1
SUSE-SU-2022:1516-1
SUSE-SU-2022:1560-1
SUSE-SU-2022_1516-1
SUSE-SU-2022_1560-1
USN-3900-1

Affected Products

AlmaLinux
CentOS
Gd Graphics Library
Red Hat
Rocky Linux
SUSE
Ubuntu