{"id":"MGASA-2019-0073","summary":"Updated libgd packages fix security vulnerability","details":"gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka\nLibGD) 2.2.5 has a heap-based buffer overflow. This can be exploited by an\nattacker who is able to trigger calls to the function with crafted image\ndata (CVE-2019-6977).\n\nThe GD Graphics Library (aka LibGD) 2.2.5 has a double free in the\ngdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c\n(CVE-2019-6978).\n","modified":"2026-04-16T00:11:30.800617902Z","published":"2019-02-13T11:08:25Z","upstream":["CVE-2019-6977","CVE-2019-6978"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0073.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24336"},{"type":"WEB","url":"https://www.debian.org/security/2019/dsa-4384"}],"affected":[{"package":{"name":"libgd","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libgd?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.5-2.3.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0073.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}