Bugzilla – Bug 1123361
VUL-0: CVE-2019-6977: gd: A heap based buffer overflow is discovered in GD Graphics library
Last modified: 2019-09-04 06:23:36 UTC
+++ This bug was initially created as a clone of Bug #1123354 +++

CVE-2019-6977

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6977
https://bugs.php.net/bug.php?id=77270
http://php.net/ChangeLog-7.php
http://php.net/ChangeLog-5.php
SUSE:SLE-12:Update and SUSE:SLE-15:Update are affected. Please refer to the corresponding php bug[1] for more information.

[1] https://bugzilla.suse.com/show_bug.cgi?id=1123354
$ cat 77270.c
#include <gd.h>

int main()
{
  FILE *fp;
  gdImagePtr im1, im2;

  fp = fopen("77270.png", "r");
  im1 = gdImageCreateFromPng(fp);
  im2 = gdImageCreateFromPng(fp);
  fclose(fp);

  gdImagePaletteToTrueColor(im1);
  gdImageColorMatch(im1, im2);

  gdImageDestroy(im1);
  gdImageDestroy(im2);
}
$ gcc -o 77270 77270.c -lgd
$

BEFORE

TW,15,12/gd

$ ./77270
Segmentation fault (core dumped)
$

Testcase does not work for 11,10sp3/gd as gdImagePaletteToTrueColor() and gdImageColorMatch() are not available there.

PATCH

$ ./77270
Segmentation fault (core dumped)
$

So the patch itself does not work. Perhaps integer overflow?
No. The testcase was probably wrong.

$ cat 77270.c
#include <gd.h>

int main()
{
  FILE *fp;
  gdImagePtr im1, im2;

  fp = fopen("77270.png", "r");
  im1 = gdImageCreateFromPng(fp);
  fseek(fp, 0, SEEK_SET);
  im2 = gdImageCreateFromPng(fp);
  fclose(fp);

  gdImagePaletteToTrueColor(im1);
  gdImageColorMatch(im1, im2);

  gdImageDestroy(im1);
  gdImageDestroy(im2);
}
$ gcc -o 77270 77270.c -lgd
$

BEFORE

TW,15,12/gd

$ ./77270
free(): invalid pointer
Aborted (core dumped)
$

PATCH

TW,15,12: http://git.php.net/?p=php-src.git;a=commit;h=a15af81b5f0058e020eda0f109f51a3c863f5212
11,10sp3: code not found

AFTER

TW/gd

$ ./77270
$
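The two test cases above differ only in the fseek(fp, 0, SEEK_SET) between the two loads. The following added example (not code from this bug report or from libgd) shows why that call decides whether the second image loads at all; decode() is a hypothetical stand-in for a stream decoder that returns NULL on failure, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the 8-byte PNG signature plus a dummy body. */
static const unsigned char SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

typedef struct { long bytes; } image_t;

/* Hypothetical stand-in for a stream decoder such as gdImageCreateFromPng():
 * reads from the current file offset to EOF, returns NULL on bad input. */
static image_t *decode(FILE *fp, image_t *slot)
{
    unsigned char hdr[sizeof SIG];

    if (fread(hdr, 1, sizeof hdr, fp) != sizeof hdr) return NULL; /* short read */
    if (memcmp(hdr, SIG, sizeof hdr) != 0) return NULL;
    slot->bytes = (long)sizeof hdr;
    while (fgetc(fp) != EOF) slot->bytes++;   /* consume the rest of the stream */
    return slot;
}

/* Decode one stream twice. Returns 0 when both images load, 1 or 2 for the
 * load that returned NULL, -1 if the temporary file cannot be created. */
int load_twice(int rewind_between)
{
    image_t a, b;
    int rc = 0;
    FILE *fp = tmpfile();

    if (fp == NULL) return -1;
    fwrite(SIG, 1, sizeof SIG, fp);
    fwrite("constructed body", 1, 16, fp);
    rewind(fp);

    if (decode(fp, &a) == NULL) rc = 1;
    else {
        if (rewind_between) fseek(fp, 0, SEEK_SET);
        if (decode(fp, &b) == NULL) rc = 2;   /* harness bug, not the CVE */
    }
    fclose(fp);
    return rc;
}

int main(void)
{
    printf("no rewind: %d, with rewind: %d\n", load_twice(0), load_twice(1));
    return 0;
}
```

A harness that checks each load for NULL before calling the function under test keeps a failed second load from being read as the reported crash.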
Will submit for: TW,15,12/gd
I believe all fixed.
This is an autogenerated message for OBS integration:
This bug (1123361) was mentioned in
https://build.opensuse.org/request/show/671007 Factory / gd
SUSE-SU-2019:0747-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src): gd-2.1.0-24.12.1
SUSE Linux Enterprise Workstation Extension 12-SP3 (src): gd-2.1.0-24.12.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): gd-2.1.0-24.12.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): gd-2.1.0-24.12.1
SUSE Linux Enterprise Server 12-SP4 (src): gd-2.1.0-24.12.1
SUSE Linux Enterprise Server 12-SP3 (src): gd-2.1.0-24.12.1
SUSE Linux Enterprise Desktop 12-SP4 (src): gd-2.1.0-24.12.1
SUSE Linux Enterprise Desktop 12-SP3 (src): gd-2.1.0-24.12.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:0771-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15 (src): gd-2.2.5-4.6.1
SUSE Linux Enterprise Module for Basesystem 15 (src): gd-2.2.5-4.6.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1148-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:
openSUSE Leap 15.0 (src): gd-2.2.5-lp150.8.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1140-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:
openSUSE Leap 42.3 (src): gd-2.1.0-30.1

*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
done