| ID |
CVE-2019-6978
|
| Summary |
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 05-04-2019 - 00:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-415 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| redhat
via4
|
| advisories | | bugzilla | | id | 1671390 | | title | CVE-2019-6978 gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 8 is installed | | oval | oval:com.redhat.rhba:tst:20193384074 |
| OR | | AND | | comment | libwmf is earlier than 0:0.2.9-8.el8_0 | | oval | oval:com.redhat.rhsa:tst:20192722001 |
| comment | libwmf is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20151917002 |
|
| AND | | comment | libwmf-debugsource is earlier than 0:0.2.9-8.el8_0 | | oval | oval:com.redhat.rhsa:tst:20192722003 |
| comment | libwmf-debugsource is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20192722004 |
|
| AND | | comment | libwmf-devel is earlier than 0:0.2.9-8.el8_0 | | oval | oval:com.redhat.rhsa:tst:20192722005 |
| comment | libwmf-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20151917004 |
|
| AND | | comment | libwmf-lite is earlier than 0:0.2.9-8.el8_0 | | oval | oval:com.redhat.rhsa:tst:20192722007 |
| comment | libwmf-lite is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20151917006 |
|
|
|
|
| | rhsa | | id | RHSA-2019:2722 | | released | 2019-09-12 | | severity | Low | | title | RHSA-2019:2722: libwmf security update (Low) |
|
| bugzilla | | id | 1840569 | | title | bz1638365 broke libwmf utils |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 7 is installed | | oval | oval:com.redhat.rhba:tst:20150364027 |
| OR | | AND | | comment | libwmf is earlier than 0:0.2.8.4-44.el7 | | oval | oval:com.redhat.rhsa:tst:20203943001 |
| comment | libwmf is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20151917002 |
|
| AND | | comment | libwmf-devel is earlier than 0:0.2.8.4-44.el7 | | oval | oval:com.redhat.rhsa:tst:20203943003 |
| comment | libwmf-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20151917004 |
|
| AND | | comment | libwmf-lite is earlier than 0:0.2.8.4-44.el7 | | oval | oval:com.redhat.rhsa:tst:20203943005 |
| comment | libwmf-lite is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20151917006 |
|
|
|
|
| | rhsa | | id | RHSA-2020:3943 | | released | 2020-09-29 | | severity | Low | | title | RHSA-2020:3943: libwmf security and bug fix update (Low) |
|
| bugzilla | | id | 1672207 | | title | CVE-2019-6977 gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 8 is installed | | oval | oval:com.redhat.rhba:tst:20193384074 |
| OR | | AND | | comment | gd is earlier than 0:2.2.5-7.el8 | | oval | oval:com.redhat.rhsa:tst:20204659001 |
| comment | gd is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20204659002 |
|
| AND | | comment | gd-debugsource is earlier than 0:2.2.5-7.el8 | | oval | oval:com.redhat.rhsa:tst:20204659003 |
| comment | gd-debugsource is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20204659004 |
|
| AND | | comment | gd-devel is earlier than 0:2.2.5-7.el8 | | oval | oval:com.redhat.rhsa:tst:20204659005 |
| comment | gd-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20204659006 |
|
|
|
|
| | rhsa | | id | RHSA-2020:4659 | | released | 2020-11-04 | | severity | Moderate | | title | RHSA-2020:4659: gd security update (Moderate) |
|
| | rpms | - libwmf-0:0.2.9-8.el8_0
- libwmf-debuginfo-0:0.2.9-8.el8_0
- libwmf-debugsource-0:0.2.9-8.el8_0
- libwmf-devel-0:0.2.9-8.el8_0
- libwmf-lite-0:0.2.9-8.el8_0
- libwmf-lite-debuginfo-0:0.2.9-8.el8_0
- libwmf-0:0.2.8.4-44.el7
- libwmf-debuginfo-0:0.2.8.4-44.el7
- libwmf-devel-0:0.2.8.4-44.el7
- libwmf-lite-0:0.2.8.4-44.el7
- gd-0:2.2.5-7.el8
- gd-debuginfo-0:2.2.5-7.el8
- gd-debugsource-0:2.2.5-7.el8
- gd-devel-0:2.2.5-7.el8
- gd-progs-debuginfo-0:2.2.5-7.el8
|
|
| refmap
via4
|
| debian | DSA-4384 | | fedora | - FEDORA-2019-7a06c0e6b4
- FEDORA-2019-ab7d22a466
- FEDORA-2019-d7f8995451
- FEDORA-2020-e795f92d79
| | gentoo | GLSA-201903-18 | | misc | | | mlist | [debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update | | suse | - openSUSE-SU-2019:1140
- openSUSE-SU-2019:1148
| | ubuntu | USN-3900-1 |
|
| Last major update |
05-04-2019 - 00:29 |
| Published |
28-01-2019 - 08:29 |
| Last modified |
05-04-2019 - 00:29 |
