A flaw was found in gd as shipped with Fedora. Cloning a image with style "attached", triggers a NULL pointer dereference in 'gdImageClone' leading to denial of service. Affected versions: gd-2.2.5 gd-2.2.4 gd-2.2.3 gd-2.2.2 gd-2.2.1 gd-2.2.0 gd-2.1.1 gd-2.1.0 gd-2.1.0-rc2 References: https://bugzilla.redhat.com/show_bug.cgi?id=1599032
Upstream commit: https://github.com/fcabralpacheco/libgd/commit/441cbfed60ebf6cb63b8ce120ed0a82b15e7aaf8 Upstream pull request: https://github.com/libgd/libgd/pull/580
Created gd tracking bugs for this issue: Affects: fedora-all [bug 1802087]
Already fix here: https://bugzilla.redhat.com/show_bug.cgi?id=1599032 All builds in stable: https://bodhi.fedoraproject.org/updates/FEDORA-2020-6bef0d0c5c https://bodhi.fedoraproject.org/updates/FEDORA-2020-dad5230359 https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd0a88b7a9 *** This bug has been marked as a duplicate of bug 1599032 ***
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-14553
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4659 https://access.redhat.com/errata/RHSA-2020:4659