Bug 1123522 - (CVE-2019-6978) VUL-1: CVE-2019-6978: gd: The GD Graphics Library 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
https://smash.suse.de/issue/223842/
CVSSv2:NVD:CVE-2019-6978:7.5:(AV:N/AC...
Reported: 2019-01-29 14:17 UTC by Alexandros Toptsoglou
Modified: 2022-05-06 16:19 UTC (History)

Found By: Security Response Team
Description Alexandros Toptsoglou 2019-01-29 14:17:38 UTC
CVE-2019-6978

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr()
functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6978
https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae
https://github.com/libgd/libgd/issues/492
https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
Comment 1 Alexandros Toptsoglou 2019-01-29 14:23:51 UTC
All codestreams are affected. The fix is available at [1]. 

According to PHP [1] this issue does not affect any version of PHP, but they applied the fix for consistency with upstream.


[1] https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
[2] https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae
Comment 3 Petr Gajdos 2019-01-31 08:06:31 UTC
Testcase not found.
Comment 4 Petr Gajdos 2019-01-31 08:18:03 UTC
Ah it is .. inside the gd commit.
Comment 5 Petr Gajdos 2019-01-31 10:16:32 UTC
$ cat jpeg_ptr_double_free.c
#include "gd.h"
  

int main()
{
    gdImagePtr src, dst;
    int size;

    src = gdImageCreateTrueColor(1, 10);
    src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */
    dst = gdImageJpegPtr(src, &size, 0);

    gdImageDestroy(src);
    return 0;
}
$ gcc -o jpeg_ptr_double_free jpeg_ptr_double_free.c -lgd
$

BEFORE

TW,15,12,11,10sp3/gd

$ ./jpeg_ptr_double_free 
GD Warning: gd-jpeg: JPEG library reports unrecoverable error: Empty JPEG image (DNL not supported)free(): invalid pointer
Aborted (core dumped)
$


PATCH

[1] from comment 1


AFTER

TW,15,12,11,10sp3/gd

$ ./jpeg_ptr_double_free 
GD Warning: gd-jpeg: JPEG library reports unrecoverable error: Empty JPEG image (DNL not supported)$
Comment 7 Petr Gajdos 2019-01-31 11:31:12 UTC
I will submit for: TW,15,12,11,10sp3/gd and 12/php7,11sp3/php53,11/php5,10sp3/php5.
Comment 8 Petr Gajdos 2019-02-04 09:31:53 UTC
I believe all fixed.
Comment 9 Swamp Workflow Management 2019-02-04 10:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (1123522) was mentioned in
https://build.opensuse.org/request/show/671007 Factory / gd
Comment 11 Swamp Workflow Management 2019-02-08 14:29:05 UTC
An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2019-03-08.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64206
Comment 12 Swamp Workflow Management 2019-02-08 14:42:29 UTC
An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2019-03-08.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64208
Comment 13 Swamp Workflow Management 2019-02-12 17:09:53 UTC
SUSE-SU-2019:0333-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1118832,1123354,1123522
CVE References: CVE-2018-19935,CVE-2019-6977,CVE-2019-6978
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    php7-7.0.7-50.63.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    php7-7.0.7-50.63.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-50.63.1
Comment 14 Swamp Workflow Management 2019-02-14 20:09:17 UTC
SUSE-SU-2019:13961-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123354,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-112.53.1
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-112.53.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-112.53.1
Comment 15 Swamp Workflow Management 2019-02-19 11:09:54 UTC
openSUSE-SU-2019:0207-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1118832,1123354,1123522
CVE References: CVE-2018-19935,CVE-2019-6977,CVE-2019-6978
Sources used:
openSUSE Leap 42.3 (src):    php7-7.0.7-55.1
Comment 17 Swamp Workflow Management 2019-03-26 17:13:44 UTC
SUSE-SU-2019:0747-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    gd-2.1.0-24.12.1
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    gd-2.1.0-24.12.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    gd-2.1.0-24.12.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    gd-2.1.0-24.12.1
SUSE Linux Enterprise Server 12-SP4 (src):    gd-2.1.0-24.12.1
SUSE Linux Enterprise Server 12-SP3 (src):    gd-2.1.0-24.12.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    gd-2.1.0-24.12.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    gd-2.1.0-24.12.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2019-03-27 14:22:16 UTC
SUSE-SU-2019:0771-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    gd-2.2.5-4.6.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    gd-2.2.5-4.6.1

Comment 19 Swamp Workflow Management 2019-04-04 19:10:12 UTC
openSUSE-SU-2019:1148-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:
openSUSE Leap 15.0 (src):    gd-2.2.5-lp150.8.1

Comment 20 Swamp Workflow Management 2019-04-04 22:26:04 UTC
openSUSE-SU-2019:1140-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123361,1123522
CVE References: CVE-2019-6977,CVE-2019-6978
Sources used:
openSUSE Leap 42.3 (src):    gd-2.1.0-30.1

Comment 24 Swamp Workflow Management 2020-03-09 14:50:54 UTC
SUSE-SU-2020:14309-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1050241,1123522,1140120
CVE References: CVE-2017-7890,CVE-2019-11038,CVE-2019-6978
Sources used:
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    gd-2.0.36.RC1-52.33.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Alexandros Toptsoglou 2020-04-29 14:41:15 UTC
Done
Comment 26 Swamp Workflow Management 2022-05-04 13:18:47 UTC
SUSE-SU-2022:1516-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1006739,1123522,1174075
CVE References: CVE-2016-9011,CVE-2019-6978
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    libwmf-0.2.12-150000.4.4.1
openSUSE Leap 15.3 (src):    libwmf-0.2.12-150000.4.4.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    libwmf-0.2.12-150000.4.4.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    libwmf-0.2.12-150000.4.4.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src):    libwmf-0.2.12-150000.4.4.1

Comment 27 Swamp Workflow Management 2022-05-06 16:19:36 UTC
SUSE-SU-2022:1560-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1006739,1123522,1174075
CVE References: CVE-2016-9011,CVE-2019-6978
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    libwmf-0.2.12-243.3.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libwmf-0.2.12-243.3.1
