1 |
type: security |
2 |
subject: Updated libgd packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2019-11038 |
5 |
src: |
6 |
7: |
7 |
core: |
8 |
- libgd-2.2.5-5.2.mga7 |
9 |
description: | |
10 |
The updated packages fix a security vulnerability: |
11 |
|
12 |
When using the gdImageCreateFromXbm() function in the GD Graphics Library |
13 |
(aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x |
14 |
below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to |
15 |
supply data that will cause the function to use the value of uninitialized |
16 |
variable. This may lead to disclosing contents of the stack that has been |
17 |
left there by previous code. (CVE-2019-11038) |
18 |
references: |
19 |
- https://bugs.mageia.org/show_bug.cgi?id=26306 |
20 |
- http://lists.suse.com/pipermail/sle-security-updates/2020-March/006579.html |
21 |
ID: MGASA-2020-0134 |