Описание
Security update for gd
This update for gd fixes the following issues:
Security issue fixed:
- CVE-2018-14553: Fixed a null pointer dereference in gdImageClone (bsc#1165471).
- CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0332-1
- SUSE Security Ratings
- SUSE Bug 1140120
- SUSE Bug 1165471
- SUSE CVE CVE-2018-14553 page
- SUSE CVE CVE-2019-11038 page
Описание
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
Затронутые продукты
Ссылки
- CVE-2018-14553
- SUSE Bug 1165471
Описание
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
Затронутые продукты
Ссылки
- CVE-2019-11038
- SUSE Bug 1140118
- SUSE Bug 1140120