CVE-2019-6978 — Double Free in Libgd

CWE-415 — Double Free CWE-416 — Use After Free11 documents8 sources

Severity

9.8CRITICALNVD

EPSS

2.6%

top 14.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux Debian Linux Libgd

Timeline

PublishedJan 28

Latest updateMay 14

Description

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDlibgd/libgd2.2.5

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-7v6r-3q36-qvvp: The GD Graphics Library (aka LibGD) 2↗2022-05-14

▶

OSV

CVE-2019-6978: The GD Graphics Library (aka LibGD) 2↗2019-01-28

▶

CVEList

CVE-2019-6978: The GD Graphics Library (aka LibGD) 2↗2019-01-28

▶

📋Vendor Advisories

Ubuntu

GD vulnerabilities↗2019-02-28

▶

Red Hat

gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c↗2019-01-15

▶

Debian

CVE-2019-6978: libgd2 - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr()...↗2019

▶

💬Community

Bugzilla

CVE-2019-6978 gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c↗2019-01-31

▶

Bugzilla

CVE-2019-6978 gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c [fedora-all]↗2019-01-31

▶

Bugzilla

CVE-2019-6978 libwmf: gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c [fedora-all]↗2019-01-31

▶