MGASA-2018-0367

Advisory lineage Upstream: 2 Downstream: 0
Published: 02 Sept 2018, 19:07
Last modified:16 Apr 2026, 06:26

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

02 Sept 2018, 19:07
Published
Vulnerability first disclosed
16 Apr 2026, 06:26
Last Modified
Vulnerability information updated

Description

Updated libgd packages fix security vulnerabilities The updated packages fix security vulnerabilities: gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx (CVE-2018-5711). Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free (CVE-2018-1000222).

Affected Systems

  • mageialibgd

    < 2.2.5-2.1.mga6

References (3)