Bugzilla – Full Text Bug Listing

Summary: | VUL-0: CVE-2019-6977: gd: A heap based buffer overflow is discovered in GD Graphics library | |
---|---|---|---
Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexandros Toptsoglou <atoptsoglou>
Component: | Incidents | Assignee: | Security Team bot <security-team>
Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team>
Severity: | Normal | |
Priority: | P3 - Medium | CC: | atoptsoglou, pgajdos, smash_bz
Version: | unspecified | |
Target Milestone: | --- | |
Hardware: | Other | |
OS: | Other | |
URL: | https://smash.suse.de/issue/223820/ | |
Whiteboard: | CVSSv3:SUSE:CVE-2019-6977:6.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) CVSSv2:NVD:CVE-2019-6977:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv3:NVD:CVE-2019-6977:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2019-6977:6.3:(AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) | |
Found By: | Security Response Team | Services Priority: |
Business Priority: | | Blocker: | ---
Marketing QA Status: | --- | IT Deployment: | ---
Description
Alexandros Toptsoglou
2019-01-28 13:36:04 UTC
SUSE:SLE-12:Update and SUSE:SLE-15:Update are affected. Please refer to the corresponding php bug[1] for more information

[1] https://bugzilla.suse.com/show_bug.cgi?id=1123354

```
$ cat 77270.c
#include <gd.h>

int main()
{
    FILE *fp;
    gdImagePtr im1, im2;

    fp = fopen("77270.png", "r");
    im1 = gdImageCreateFromPng(fp);
    im2 = gdImageCreateFromPng(fp);
    fclose(fp);
    gdImagePaletteToTrueColor(im1);
    gdImageColorMatch(im1, im2);
    gdImageDestroy(im1);
    gdImageDestroy(im2);
}
$ gcc -o 77270 77270.c -lgd
$
```

BEFORE

TW,15,12/gd

```
$ ./77270
Segmentation fault (core dumped)
$
```

Testcase does not work for 11,10sp3/gd as gdImagePaletteToTrueColor() and gdImageColorMatch() are not available there.

PATCH

```
$ ./77270
Segmentation fault (core dumped)
$
```

So the patch itself does not work. Perhaps integer overflow?

No. The testcase was probably wrong.

```
$ cat 77270.c
#include <gd.h>

int main()
{
    FILE *fp;
    gdImagePtr im1, im2;

    fp = fopen("77270.png", "r");
    im1 = gdImageCreateFromPng(fp);
    fseek(fp, 0, SEEK_SET);
    im2 = gdImageCreateFromPng(fp);
    fclose(fp);
    gdImagePaletteToTrueColor(im1);
    gdImageColorMatch(im1, im2);
    gdImageDestroy(im1);
    gdImageDestroy(im2);
}
$ gcc -o 77270 77270.c -lgd
$
```

BEFORE

TW,15,12/gd

```
$ ./77270
free(): invalid pointer
Aborted (core dumped)
$
```

PATCH

TW,15,12: http://git.php.net/?p=php-src.git;a=commit;h=a15af81b5f0058e020eda0f109f51a3c863f5212

11,10sp3: code not found

AFTER

TW/gd

```
$ ./77270
$
```

Will submit for: TW,15,12/gd

I believe all fixed.

This is an autogenerated message for OBS integration:
This bug (1123361) was mentioned in
https://build.opensuse.org/request/show/671007 Factory / gd

SUSE-SU-2019:0747-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:

- SUSE Linux Enterprise Workstation Extension 12-SP4 (src): gd-2.1.0-24.12.1
- SUSE Linux Enterprise Workstation Extension 12-SP3 (src): gd-2.1.0-24.12.1
- SUSE Linux Enterprise Software Development Kit 12-SP4 (src): gd-2.1.0-24.12.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (src): gd-2.1.0-24.12.1
- SUSE Linux Enterprise Server 12-SP4 (src): gd-2.1.0-24.12.1
- SUSE Linux Enterprise Server 12-SP3 (src): gd-2.1.0-24.12.1
- SUSE Linux Enterprise Desktop 12-SP4 (src): gd-2.1.0-24.12.1
- SUSE Linux Enterprise Desktop 12-SP3 (src): gd-2.1.0-24.12.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:0771-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:

- SUSE Linux Enterprise Module for Desktop Applications 15 (src): gd-2.2.5-4.6.1
- SUSE Linux Enterprise Module for Basesystem 15 (src): gd-2.2.5-4.6.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:1148-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:

- openSUSE Leap 15.0 (src): gd-2.2.5-lp150.8.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:1140-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:

- openSUSE Leap 42.3 (src): gd-2.1.0-30.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.

done
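
The two versions of 77270.c in this report differ only in the `fseek(fp, 0, SEEK_SET)` between the two loads from the same `FILE *`. The following is an added illustration, not code from the bug report or from libgd: it uses plain stdio with constructed data, and `load_png_stub` and `load_twice` are hypothetical stand-ins for the loader calls, showing why a fix-verification test case should check each load result before passing it on.

```c
#include <stdio.h>
#include <string.h>

/* 8-byte PNG file signature; a loader rejects a stream that does not
   carry it at the current read position. */
static const unsigned char PNG_SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

/* Hypothetical stand-in for an image loader: 1 if a "PNG" was read from the
   current position of fp, 0 otherwise. Consumes the stream up to EOF. */
static int load_png_stub(FILE *fp)
{
    unsigned char sig[sizeof PNG_SIG];

    if (fp == NULL || fread(sig, 1, sizeof sig, fp) != sizeof sig)
        return 0;
    if (memcmp(sig, PNG_SIG, sizeof sig) != 0)
        return 0;
    while (fgetc(fp) != EOF)
        ;
    return 1;
}

/* Load twice from one handle, as the test case does. Returns a bitmask
   (bit 0: first load ok, bit 1: second load ok), or -1 on setup failure. */
int load_twice(int rewind_between)
{
    static const unsigned char body[] = "constructed sample data";
    FILE *fp = tmpfile();
    int result = 0;

    if (fp == NULL)
        return -1;
    if (fwrite(PNG_SIG, 1, sizeof PNG_SIG, fp) != sizeof PNG_SIG ||
        fwrite(body, 1, sizeof body, fp) != sizeof body ||
        fseek(fp, 0, SEEK_SET) != 0) {
        fclose(fp);
        return -1;
    }
    result |= load_png_stub(fp) ? 1 : 0;
    if (rewind_between && fseek(fp, 0, SEEK_SET) != 0) {
        fclose(fp);
        return -1;
    }
    result |= load_png_stub(fp) ? 2 : 0;   /* fails at EOF without rewind */
    fclose(fp);
    return result;
}

int main(void)
{
    printf("no rewind: %d, with rewind: %d\n", load_twice(0), load_twice(1));
    return 0;
}
```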