UbuntuUpdates.org

Package "libgd-tools"

Name: libgd-tools

Description:

GD command line tools and example code

Latest version: 2.2.5-4ubuntu0.5
Release: bionic (18.04)
Level: security
Repository: universe
Head package: libgd2
Homepage: http://www.libgd.org/

Links


Download "libgd-tools"


Other versions of "libgd-tools" in Bionic

Repository Area Version
base universe 2.2.5-4
updates universe 2.2.5-4ubuntu0.5

Changelog

Version: 2.2.5-4ubuntu0.5 2021-09-08 13:06:45 UTC

  libgd2 (2.2.5-4ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2017-6363-*.patch: make sure transparent
      palette index is within bounds in src/gd_gd.c and add tests in
      tests/gd/bug00383.c, tests/gd/CMakeLists.txt, tests/gd/Makemodule.am,
      tests/gd2/bug00383.c, tests/gd2/CMakeLists.txt, test/gd2/Makemodule.am.
    - CVE-2017-6363
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-38115.patch: fix a read out-of-bounds in
      reading tga header file in src/gd_tga.c.
    - CVE-2021-38115
  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2021-40145.patch: fix a memory leak in
      src/gd_gd2.c.
    - CVE-2021-40145

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 30 Aug 2021 16:10:11 -0300

Source diff to previous version
CVE-2017-6363 ** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the ven
CVE-2021-38115 read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds
CVE-2021-40145 ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The

Version: 2.2.5-4ubuntu0.4 2020-04-02 23:07:16 UTC

  libgd2 (2.2.5-4ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in gdImageClone allows attackers
    to crash an application via a specific function call sequence
    - debian/patches/CVE-2018-14553.patch: remove manual style copy from
      src/gd.c and appropriately set stylePos in tests/gdimageclone/style.c.
    - CVE-2018-14553
  * SECURITY UPDATE: possible read of uninitialized variable in
    gdImageCreateFromXbm()
    - debian/patches/CVE-2019-11038.patch: error out if sscanf() doesn't receive
      input in src/gd_xbm.c.
    - debian/patches/CVE-2019-11038-test.patch: add a test for
      CVE-2019-11038.patch
    - CVE-2019-11038

 -- Avital Ostromich <email address hidden> Mon, 09 Mar 2020 14:43:33 -0400

Source diff to previous version
CVE-2018-14553 gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific functi
CVE-2019-11038 When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x be

Version: 2.2.5-4ubuntu0.3 2019-02-28 16:06:55 UTC

  libgd2 (2.2.5-4ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gdImageColorMatch
    - debian/patches/CVE-2019-6977.patch: use gdMaxColors in
      src/gd_color_match.c.
    - CVE-2019-6977
  * SECURITY UPDATE: double-free in gdImage*Ptr() functions
    - debian/patches/CVE-2019-6978.patch: properly handle failure in
      src/gd_gif_out.c, src/gd_jpeg.c, src/gd_wbmp.c, add test to
      tests/jpeg/CMakeLists.txt, tests/jpeg/Makemodule.am,
      tests/jpeg/jpeg_ptr_double_free.c.
    - CVE-2019-6978

 -- Marc Deslauriers <email address hidden> Wed, 27 Feb 2019 14:31:55 -0500

Source diff to previous version
CVE-2019-6977 gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x
CVE-2019-6978 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is un

Version: 2.2.5-4ubuntu0.2 2018-08-27 16:07:06 UTC

  libgd2 (2.2.5-4ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Double free
    - debian/patches/CVE-2018-1000222.patch: fix in
      src/gd_bmp.c.
    - CVE-2018-1000222
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5711.patch: fix in
      src/gd_gif_in.c.
    - CVE-2018-5711

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 23 Aug 2018 12:15:43 -0300

CVE-2018-1000222 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This atta
CVE-2018-5711 gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, h



About   -   Send Feedback to @ubuntu_updates