https://bugzilla.redhat.com/show_bug.cgi?id=1599032

https://github.com/libgd/libgd/pull/580

https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f

[debian-lts-announce] 20200218 [SECURITY] [DLA 2106-1] libgd2 security update

openSUSE-SU-2020:0332

FEDORA-2020-e795f92d79

USN-4316-2

USN-4316-1

The remote NewStart CGSL host, running version MAIN 6.02, has gd packages installed that are affected by multiple vulnerabilities:

  - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in     gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. (CVE-2019-6978)

  - gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the     imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before     7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger     imagecolormatch calls with crafted image data. (CVE-2019-6977)

  - gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to     crash an application via a specific function call sequence. Only affects PHP when linked with an external     libgd (not bundled). (CVE-2018-14553)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4659 advisory.

  - gd: NULL pointer dereference in gdImageClone (CVE-2018-14553)

  - gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

  - gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4659 advisory.

  - gd: NULL pointer dereference in gdImageClone (CVE-2018-14553)

  - gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

  - gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4659 advisory.

  - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in     gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. (CVE-2019-6978)

  - gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to     crash an application via a specific function call sequence. Only affects PHP when linked with an external     libgd (not bundled). (CVE-2018-14553)

  - gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the     imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before     7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger     imagecolormatch calls with crafted image data. (CVE-2019-6977)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the gd package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - ** RESERVED ** This candidate has been reserved by an     organization or individual that will use it when     announcing a new security problem. When the candidate     has been publicized, the details for this candidate     will be provided.(CVE-2018-14553)

  - ** RESERVED ** This candidate has been reserved by an     organization or individual that will use it when     announcing a new security problem. When the candidate     has been publicized, the details for this candidate     will be provided.(CVE-2017-6363)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In the GD Graphics Library (aka LibGD) through 2.2.5,     there is a heap-based buffer over-read in tiffWriter in     gd_tiff.c. NOTE: the vendor says 'In my opinion this     issue should not have a CVE, since the GD and GD2     formats are documented to be 'obsolete, and should only     be used for development and testing     purposes.''(CVE-2017-6363)

  - gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5     has a NULL pointer dereference allowing attackers to     crash an application via a specific function call     sequence. Only affects PHP when linked with an external     libgd (not bundled).(CVE-2018-14553)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for gd fixes the following issues :

Security issue fixed :

CVE-2018-14553: Fixed a NULL pointer dereference in gdImageClone (bsc#1165471).

CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New gd packages are available for Slackware 14.2 and -current to fix security issues.

An update of the libgd package has been released.

This update for gd fixes the following issues :

Security issue fixed :

  - CVE-2018-14553: Fixed a NULL pointer dereference in     gdImageClone (bsc#1165471).

  - CVE-2019-11038: Fixed a information disclosure in     gdImageCreateFromXbm() (bsc#1140120).

This update was imported from the SUSE:SLE-15:Update update project.

This update for gd fixes the following issues :

CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241).

CVE-2018-14553: Fixed a NULL pointer dereference in gdImageClone() (bsc#1165471).

CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability was discovered in libgd2, the GD graphics library, whereby an attacker can employ a specific function call sequence to trigger a NULL pointer dereference, subsequently crash the application using libgd2, and create a denial of service.

For Debian 8 'Jessie', this problem has been fixed in version 2.1.0-5+deb8u14.

We recommend that you upgrade your libgd2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
147709	NewStart CGSL MAIN 6.02 : gd Multiple Vulnerabilities (NS-SA-2021-0066)	Nessus	NewStart CGSL Local Security Checks	critical
145893	CentOS 8 : gd (CESA-2020:4659)	Nessus	CentOS Local Security Checks	critical
143083	RHEL 8 : gd (RHSA-2020:4659)	Nessus	Red Hat Local Security Checks	critical
142777	Oracle Linux 8 : gd (ELSA-2020-4659)	Nessus	Oracle Linux Local Security Checks	critical
140004	EulerOS Virtualization for ARM 64 3.0.6.0 : gd (EulerOS-SA-2020-1901)	Nessus	Huawei Local Security Checks	high
139132	EulerOS 2.0 SP8 : gd (EulerOS-SA-2020-1802)	Nessus	Huawei Local Security Checks	high
138256	SUSE SLED15 / SLES15 Security Update : gd (SUSE-SU-2020:0594-2)	Nessus	SuSE Local Security Checks	medium
134850	Slackware 14.2 / current : gd (SSA:2020-083-01)	Nessus	Slackware Local Security Checks	critical
134422	Photon OS 2.0: Libgd PHSA-2020-2.0-0213	Nessus	PhotonOS Local Security Checks	high
134398	openSUSE Security Update : gd (openSUSE-2020-332)	Nessus	SuSE Local Security Checks	medium
134366	SUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2020:0623-1)	Nessus	SuSE Local Security Checks	medium
134297	SUSE SLED15 / SLES15 Security Update : gd (SUSE-SU-2020:0594-1)	Nessus	SuSE Local Security Checks	medium
134210	Photon OS 3.0: Libgd PHSA-2020-3.0-0063	Nessus	PhotonOS Local Security Checks	high
133730	Debian DLA-2106-1 : libgd2 security update	Nessus	Debian Local Security Checks	high

CVE-2018-14553

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Tenable Plugins

critical

critical

critical

critical

high

high

medium

critical

high

medium

medium

medium

high

high