gd is vulnerable to arbitrary code execution. The vulnerability exists through a double free issue in the gdImage*Ptr
in gd_gif_out.c
, gd_jpeg.c
, and gd_wbmp.c
which allows an attacker to inject arbitrary codes into the system.
lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html
lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
access.redhat.com/errata/RHSA-2020:3943
access.redhat.com/security/updates/classification/#low
github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
github.com/libgd/libgd/issues/492
github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae
lists.debian.org/debian-lts-announce/2019/01/msg00028.html
security.gentoo.org/glsa/201903-18
usn.ubuntu.com/3900-1/
www.debian.org/security/2019/dsa-4384