(RHSA-2020:4659) Moderate: gd security update

2020-11-03T17:24:40
ID RHSA-2020:4659
Type redhat
Reporter RedHat
Modified 2020-11-04T05:05:00

Description

GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats.

Security Fix(es):

  • gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

  • gd: NULL pointer dereference in gdImageClone (CVE-2018-14553)

  • gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.