Slackware Linux update for gd
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2018-1000222 CVE-2018-14553 CVE-2018-5711 CVE-2019-11038 CVE-2019-6977 CVE-2019-6978 |
| CWE-ID | CWE-415 CWE-476 CWE-835 CWE-125 CWE-787 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. |
| Vulnerable software Subscribe |
Slackware Linux Operating systems & Components / Operating system |
| Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Double free error
EUVDB-ID: #VU14596
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1000222
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to double free memory error. A remote unauthenticated attacker can trick the victim into jpeg image, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package gd.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.379791
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU26344
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14553
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the gdImageClone() function in gd.c file in libgd. A remote attacker can trigger denial of service conditions via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
MitigationUpdate the affected package gd.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.379791
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Infinite loop
EUVDB-ID: #VU10390
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5711
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a local unauthenticated attacker to cause DoS condition.
The vulnerability exists in PHP GD Graphics Library due to insufficient sanitization of user-supplied data. A local attacker can submit a specially crafted GIF, trigger an infinite loop and cause the service to crash.
MitigationUpdate the affected package gd.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.379791
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU21274
Risk: Medium
CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-11038
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD). A remote attacker can create a specially crafted image, pass it to the affected application, trigger out-of-bounds read error and read contents of memory on the system.
Mitigation
Update the affected package gd.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.379791
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU16916
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-6977
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary on the target system.
The weakness exists due to out-of-bounds write in imagecolormatch. A remote attacker can write up to 1200 bytes over the boundaries of a buffer allocated in the imagecolormatch function, which then calls gdImageColorMatch() and execute arbitrary code with elevated privileges.
Update the affected package gd.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.379791
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Double Free
EUVDB-ID: #VU17380
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-6978
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. A remote attacker can trick the victim into opening a specially crafted input, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package gd.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.379791
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
