| Summary: | <media-libs/gd-2.2.5-r1: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Eddie Chapman <maracay> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | graphics+disabled |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222 | | |
| Whiteboard: | B2 [glsa+ cve] | | |
| Package list: | media-libs/gd-2.2.5-r1 | | |
| Runtime testing required: | --- | | |

Description
Eddie Chapman
2018-08-28 10:56:46 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04cf9aa3bf7e0746e85461c3c56d9f9a95ce6fba

commit 04cf9aa3bf7e0746e85461c3c56d9f9a95ce6fba
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-14 19:11:20 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-14 19:15:47 +0000

media-libs/gd: Fix CVE-2018-1000222

Thanks-to: Eddie Chapman <maracay@ehuk.net>
Bug: https://bugs.gentoo.org/664732
Package-Manager: Portage-2.3.49, Repoman-2.3.10

.../gd/files/gd-2.2.5-CVE-2018-1000222.patch | 73 ++++++++++++++++++++++
media-libs/gd/gd-2.2.5-r1.ebuild | 64 +++++++++++++++++++
2 files changed, 137 insertions(+)

amd64 stable

sparc done.

x86 stable

arm stable

arm64 stable. Bug 608730 and bug 632076 still a problem - very annoying.

ppc/ppc64 stable

Stable on alpha.

ia64 stable

@maintainer(s), please drop vulnerable.

hppa stable

This issue was resolved and addressed in GLSA 201903-18 at https://security.gentoo.org/glsa/201903-18 by GLSA coordinator Aaron Bauman (b-man).