FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libgd -- Denial of servica via double free

Affected packages
libgd < 2.2.5

Details

VuXML ID a60a2e95-acba-4b11-bc32-ffb47364e07d
Discovery 2017-09-07
Entry 2017-09-26

libgd developers report:

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

References

CVE Name CVE-2017-6362
URL http://www.debian.org/security/2017/dsa-3961
URL https://github.com/libgd/libgd/issues/381
URL https://github.com/libgd/libgd/releases/tag/gd-2.2.5
URL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2BLXX7KNRE7ZVQAKGTHHWS33CUCXVUP/