{"id":"MGASA-2018-0367","summary":"Updated libgd packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\ngd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before\n5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1,\nhas an integer signedness error that leads to an infinite loop via a\ncrafted GIF file, as demonstrated by a call to the imagecreatefromgif or\nimagecreatefromstring PHP function. This is related to GetCode_ and\ngdImageCreateFromGifCtx (CVE-2018-5711).\n\nLibgd version 2.2.5 contains a double free vulnerability in the\ngdImageBmpPtr function that can result in remote code execution. This\nattack appears to be exploitable via a specially crafted JPEG image that\ncan trigger a double free (CVE-2018-1000222).\n","modified":"2026-04-16T01:49:02.079231218Z","published":"2018-09-02T19:07:30Z","upstream":["CVE-2018-1000222","CVE-2018-5711"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0367.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23496"},{"type":"WEB","url":"https://usn.ubuntu.com/3755-1/"}],"affected":[{"package":{"name":"libgd","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libgd?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.5-2.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0367.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}