Bugzilla – Bug 1123522
VUL-1: CVE-2019-6978: gd: The GD Graphics Library 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.
Last modified: 2022-05-06 16:19:36 UTC
CVE-2019-6978 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6978 https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae https://github.com/libgd/libgd/issues/492 https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
All codestreams are affected. The fix is available at [1]. According to PHP [1] this issue does not affect any version of PHP but the applied the fix for consistency with upstream. [1] https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0 [2] https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae
Testcase not found.
Ah it is .. inside the gd commit.
$ cat jpeg_ptr_double_free.c #include "gd.h" int main() { gdImagePtr src, dst; int size; src = gdImageCreateTrueColor(1, 10); src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */ dst = gdImageJpegPtr(src, &size, 0); gdImageDestroy(src); return 0; } $ gcc -o jpeg_ptr_double_free jpeg_ptr_double_free.c -lgd $ BEFORE TW,15,12,11,10sp3/gd $ ./jpeg_ptr_double_free GD Warning: gd-jpeg: JPEG library reports unrecoverable error: Empty JPEG image (DNL not supported)free(): invalid pointer Aborted (core dumped) $ PATCH [1] from comment 1 AFTER TW,15,12,11,10sp3/gd $ ./jpeg_ptr_double_free GD Warning: gd-jpeg: JPEG library reports unrecoverable error: Empty JPEG image (DNL not supported)$
I will submit for: TW,15,12,11,10sp3/gd and 12/php7,11sp3/php53,11/php5,10sp3/php5.
I believe all fixed.
This is an autogenerated message for OBS integration: This bug (1123522) was mentioned in https://build.opensuse.org/request/show/671007 Factory / gd
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2019-03-08. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64206
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2019-03-08. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64208
SUSE-SU-2019:0333-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1118832,1123354,1123522 CVE References: CVE-2018-19935,CVE-2019-6977,CVE-2019-6978 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP4 (src): php7-7.0.7-50.63.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): php7-7.0.7-50.63.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php7-7.0.7-50.63.1
SUSE-SU-2019:13961-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1123354,1123522 CVE References: CVE-2019-6977,CVE-2019-6978 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): php53-5.3.17-112.53.1 SUSE Linux Enterprise Server 11-SP4 (src): php53-5.3.17-112.53.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): php53-5.3.17-112.53.1
openSUSE-SU-2019:0207-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1118832,1123354,1123522 CVE References: CVE-2018-19935,CVE-2019-6977,CVE-2019-6978 Sources used: openSUSE Leap 42.3 (src): php7-7.0.7-55.1
SUSE-SU-2019:0747-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1123361,1123522 CVE References: CVE-2019-6977,CVE-2019-6978 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP4 (src): gd-2.1.0-24.12.1 SUSE Linux Enterprise Workstation Extension 12-SP3 (src): gd-2.1.0-24.12.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): gd-2.1.0-24.12.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): gd-2.1.0-24.12.1 SUSE Linux Enterprise Server 12-SP4 (src): gd-2.1.0-24.12.1 SUSE Linux Enterprise Server 12-SP3 (src): gd-2.1.0-24.12.1 SUSE Linux Enterprise Desktop 12-SP4 (src): gd-2.1.0-24.12.1 SUSE Linux Enterprise Desktop 12-SP3 (src): gd-2.1.0-24.12.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:0771-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1123361,1123522 CVE References: CVE-2019-6977,CVE-2019-6978 Sources used: SUSE Linux Enterprise Module for Desktop Applications 15 (src): gd-2.2.5-4.6.1 SUSE Linux Enterprise Module for Basesystem 15 (src): gd-2.2.5-4.6.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1148-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1123361,1123522 CVE References: CVE-2019-6977,CVE-2019-6978 Sources used: openSUSE Leap 15.0 (src): gd-2.2.5-lp150.8.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1140-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1123361,1123522 CVE References: CVE-2019-6977,CVE-2019-6978 Sources used: openSUSE Leap 42.3 (src): gd-2.1.0-30.1 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:14309-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1050241,1123522,1140120 CVE References: CVE-2017-7890,CVE-2019-11038,CVE-2019-6978 Sources used: SUSE Linux Enterprise Debuginfo 11-SP4 (src): gd-2.0.36.RC1-52.33.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done
SUSE-SU-2022:1516-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1006739,1123522,1174075 CVE References: CVE-2016-9011,CVE-2019-6978 JIRA References: Sources used: openSUSE Leap 15.4 (src): libwmf-0.2.12-150000.4.4.1 openSUSE Leap 15.3 (src): libwmf-0.2.12-150000.4.4.1 SUSE Linux Enterprise Workstation Extension 15-SP4 (src): libwmf-0.2.12-150000.4.4.1 SUSE Linux Enterprise Workstation Extension 15-SP3 (src): libwmf-0.2.12-150000.4.4.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src): libwmf-0.2.12-150000.4.4.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1560-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1006739,1123522,1174075 CVE References: CVE-2016-9011,CVE-2019-6978 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 12-SP5 (src): libwmf-0.2.12-243.3.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libwmf-0.2.12-243.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.