Double Free Affecting libwmf-gnome package, versions <0.2.12-150000.4.4.1
Threat Intelligence
EPSS
1.82% (89th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES154-LIBWMFGNOME-2808529
- published 5 May 2022
- disclosed 4 May 2022
Introduced: 4 May 2022
CVE-2019-6978 Open this link in a new tabHow to fix?
Upgrade SLES:15.4 libwmf-gnome to version 0.2.12-150000.4.4.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libwmf-gnome package and not the libwmf-gnome package as distributed by SLES.
See How to fix? for SLES:15.4 relevant fixed versions and status.
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
References
- https://www.suse.com/security/cve/CVE-2019-6978.html
- https://bugzilla.suse.com/1123522
- https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae
- https://github.com/libgd/libgd/issues/492
- https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
- https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
- https://www.debian.org/security/2019/dsa-4384
- https://usn.ubuntu.com/3900-1/
- https://security.gentoo.org/glsa/201903-18
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html
- https://access.redhat.com/errata/RHSA-2019:2722
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/