Bugzilla – Bug 1105434
VUL-0: CVE-2018-1000222: php5,gd,php7,php53: a Double Free Vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution
Last modified: 2023-10-26 10:35:15 UTC
CVE-2018-1000222

Libgd version 2.2.5 contains a Double Free Vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution. This attack appears to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000222
https://github.com/libgd/libgd/issues/447
No testcase found.
Will submit for: devel/gd, 15/gd, 12/gd and 15/php7. Older ones do not have BMP support.
This is an autogenerated message for OBS integration: This bug (1105434) was mentioned in https://build.opensuse.org/request/show/631813 Factory / gd
Packages submitted.
SUSE-SU-2018:2837-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1105434
CVE References: CVE-2018-1000222
Sources used:
  SUSE Linux Enterprise Workstation Extension 12-SP3 (src): gd-2.1.0-24.9.1
  SUSE Linux Enterprise Software Development Kit 12-SP3 (src): gd-2.1.0-24.9.1
  SUSE Linux Enterprise Server 12-SP3 (src): gd-2.1.0-24.9.1
  SUSE Linux Enterprise Desktop 12-SP3 (src): gd-2.1.0-24.9.1

SUSE-SU-2018:2840-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1105434
CVE References: CVE-2018-1000222
Sources used:
  SUSE Linux Enterprise Module for Web Scripting 15 (src): php7-7.2.5-4.9.1

openSUSE-SU-2018:2849-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1105434
CVE References: CVE-2018-1000222
Sources used:
  openSUSE Leap 15.0 (src): php7-7.2.5-lp150.2.12.1

openSUSE-SU-2018:2851-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1105434
CVE References: CVE-2018-1000222
Sources used:
  openSUSE Leap 42.3 (src): gd-2.1.0-27.1

SUSE-SU-2018:2888-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1105434
CVE References: CVE-2018-1000222
Sources used:
  SUSE Linux Enterprise Module for Desktop Applications 15 (src): gd-2.2.5-4.3.1
  SUSE Linux Enterprise Module for Basesystem 15 (src): gd-2.2.5-4.3.1

openSUSE-SU-2018:2941-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1105434
CVE References: CVE-2018-1000222
Sources used:
  openSUSE Leap 15.0 (src): gd-2.2.5-lp150.3.3.1
released
This is an autogenerated message for OBS integration: This bug (1105434) was mentioned in https://build.opensuse.org/request/show/802846 Factory / php7
This is an autogenerated message for OBS integration: This bug (1105434) was mentioned in https://build.opensuse.org/request/show/802978 Factory / php7
This is an autogenerated message for OBS integration: This bug (1105434) was mentioned in https://build.opensuse.org/request/show/804946 Factory / php7
This is an autogenerated message for OBS integration: This bug (1105434) was mentioned in https://build.opensuse.org/request/show/1120490 Backports:SLE-15-SP5 / php81