Source: libgd2 Version: 2.2.4-1 Severity: important Tags: patch security upstream Forwarded: https://github.com/libgd/libgd/issues/447
Hi, The following vulnerability was published for libgd2. CVE-2018-1000222[0]: | Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability | in gdImageBmpPtr Function that can result in Remote Code Execution . | This attack appear to be exploitable via Specially Crafted Jpeg Image | can trigger double free. This vulnerability appears to have been fixed | in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-1000222 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222 [1] https://github.com/libgd/libgd/issues/447 [2] https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Regards, Salvatore

