Unrated severityOSV Advisory· Published Jan 28, 2019· Updated Aug 4, 2024
CVE-2019-6978
CVE-2019-6978
Description
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
33- Range: = 2.2.5
- osv-coords31 versionspkg:rpm/almalinux/gdpkg:rpm/almalinux/gd-develpkg:rpm/almalinux/libwmfpkg:rpm/almalinux/libwmf-develpkg:rpm/almalinux/libwmf-litepkg:rpm/opensuse/gd&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/gd&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libwmf&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/libwmf&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/libwmf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/libwmf&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libwmf&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/libwmf&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
< 2.2.5-7.el8+ 30 more
- (no CPE)range: < 2.2.5-7.el8
- (no CPE)range: < 2.2.5-7.el8
- (no CPE)range: < 0.2.9-8.el8_0
- (no CPE)range: < 0.2.9-8.el8_0
- (no CPE)range: < 0.2.9-8.el8_0
- (no CPE)range: < 2.2.5-lp150.8.1
- (no CPE)range: < 2.3.3-1.1
- (no CPE)range: < 0.2.12-150000.4.4.1
- (no CPE)range: < 0.2.12-150000.4.4.1
- (no CPE)range: < 2.1.0-24.12.1
- (no CPE)range: < 2.1.0-24.12.1
- (no CPE)range: < 2.2.5-4.6.1
- (no CPE)range: < 2.2.5-4.6.1
- (no CPE)range: < 2.1.0-24.12.1
- (no CPE)range: < 2.1.0-24.12.1
- (no CPE)range: < 2.1.0-24.12.1
- (no CPE)range: < 2.1.0-24.12.1
- (no CPE)range: < 2.1.0-24.12.1
- (no CPE)range: < 2.1.0-24.12.1
- (no CPE)range: < 2.1.0-24.12.1
- (no CPE)range: < 2.1.0-24.12.1
- (no CPE)range: < 0.2.12-150000.4.4.1
- (no CPE)range: < 0.2.12-243.3.1
- (no CPE)range: < 0.2.12-243.3.1
- (no CPE)range: < 0.2.12-150000.4.4.1
- (no CPE)range: < 5.3.17-112.53.1
- (no CPE)range: < 5.3.17-112.53.1
- (no CPE)range: < 5.3.17-112.53.1
- (no CPE)range: < 7.0.7-50.63.1
- (no CPE)range: < 7.0.7-50.63.1
- (no CPE)range: < 7.0.7-50.63.1
Patches
Vulnerability mechanics
References
14- lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHSA-2019:2722mitrevendor-advisoryx_refsource_REDHAT
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/201903-18mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/3900-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2019/dsa-4384mitrevendor-advisoryx_refsource_DEBIAN
- github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0mitrex_refsource_MISC
- github.com/libgd/libgd/issues/492mitrex_refsource_MISC
- github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2aemitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/01/msg00028.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.