The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
References:
https://github.com/libgd/libgd/issues/492
Upstream Patch:
https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae
Created gd tracking bugs for this issue: Affects: fedora-all [bug 1671391] Created libwmf tracking bugs for this issue: Affects: fedora-all [bug 1671392]
Analysis: Basically a double-free in the gd library when handling gdImage Pointers. Can result in application crash. However, you need the gdImage*Ctx (where * is Gif, Jpeg or Wbmp) to fail.
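
Added example, not part of the original bug report and not libgd's code: a simplified C model of the pattern the analysis describes, where a wrapper keeps using its output buffer after a void encoder has failed, shown beside a variant that checks a status code first. All names (`out_ctx`, `release_data`, `encode_status`, `encode_void`, `ptr_unchecked`, `ptr_checked`) are hypothetical, and the model assumes the failing encoder has already released the buffer; releases are counted rather than repeated so the program stays free of undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an in-memory output context (not libgd's type). */
typedef struct {
    unsigned char *data;  /* encoded bytes owned by the context */
    int releases;         /* number of times the buffer was released */
} out_ctx;

/* Release the buffer. Only the first call reaches free(); later calls are
 * counted so a double release is observable without actually happening. */
static void release_data(out_ctx *c) {
    if (c->releases == 0) free(c->data);
    c->releases++;
}

/* Encoder helper that reports its result: 0 on success, 1 on failure.
 * Assumption of this model: on failure it has already released the buffer. */
static int encode_status(out_ctx *c, int fail) {
    c->data = malloc(16);
    if (c->data == NULL || fail) { release_data(c); return 1; }
    return 0;
}

/* Void encoder: the failure is swallowed, so the caller cannot see it. */
static void encode_void(out_ctx *c, int fail) { (void)encode_status(c, fail); }

/* Before: the wrapper releases the buffer whether or not encoding failed. */
static int ptr_unchecked(int fail) {
    out_ctx c = { NULL, 0 };
    encode_void(&c, fail);
    release_data(&c);     /* second release when the encoder failed */
    return c.releases;
}

/* After: the wrapper touches the buffer only when encoding succeeded. */
static int ptr_checked(int fail) {
    out_ctx c = { NULL, 0 };
    if (encode_status(&c, fail) == 0) release_data(&c);
    return c.releases;
}

int main(void) {
    printf("unchecked: ok=%d fail=%d\n", ptr_unchecked(0), ptr_unchecked(1));
    printf("checked:   ok=%d fail=%d\n", ptr_checked(0), ptr_checked(1));
    return 0;
}
```

A release count of 2 on the failure path of `ptr_unchecked` is the modelled double free; the checked wrapper stays at 1 on both paths.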
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2722 https://access.redhat.com/errata/RHSA-2019:2722
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-6978
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3943 https://access.redhat.com/errata/RHSA-2020:3943
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4659 https://access.redhat.com/errata/RHSA-2020:4659