7.5
HIGH

CVE-2019-6978

Published: 28/01/2019 Updated: 01/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vulnerability Summary

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Affected Products

Vendor      Product        Versions
Libgd       Libgd          2.2.5
Canonical   Ubuntu Linux   14.04, 16.04, 18.04, 18.10
Debian      Debian Linux   8.0, 9.0

Vendor Advisories

Several security issues were fixed in GD ...
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected ...
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c ...
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected (CVE-2019-6978) ...

Mailing Lists

Debian Security Advisory DSA-4384-1, security@debian.org, www.debian.org/security/, Salvatore Bonaccorso, February 04, 2019, www.debian.org/security/faq ...
