Project

General

Profile

Bug #9497

gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)

Added by Alicha CH 8 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
-
Start date:
10/02/2018
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result
in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free.
This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.

References:

https://github.com/libgd/libgd/issues/447
https://nvd.nist.gov/vuln/detail/CVE-2018-1000222

Patch:

https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5


Subtasks

Bug #9498: [3.9] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)ClosedCarlo Landmeter

Bug #9499: [3.8] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)ClosedCarlo Landmeter

Bug #9500: [3.7] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)ClosedCarlo Landmeter

Bug #9501: [3.6] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)ClosedCarlo Landmeter

Bug #9502: [3.5] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)ClosedCarlo Landmeter

History

#1 Updated by Alicha CH 8 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed
  • Security IDs deleted (CVE-2018-1000222)

Also available in: Atom PDF