Executive Summary

Summary
Title GD Graphics Library vulnerabilities
Informations
Name USN-4316-2 First vendor Publication 2020-04-02
Vendor Ubuntu Last vendor Modification 2020-04-02
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its
derivatives:



- Ubuntu 14.04 ESM



Summary:



Several security issues were fixed in GD Graphics Library.



Software Description:

- libgd2: Open source code library for the dynamic creation of
images



Details:



USN-4316-1 fixed a vulnerability in GD Graphics Library. This
update provides

the corresponding update for Ubuntu 14.04 ESM.



Original advisory details:



It was discovered that GD Graphics Library incorrectly handled
cloning an

image. An attacker could possibly use this issue to cause GD
Graphics Library

to crash, resulting in a denial of service. (CVE-2018-14553)



It was discovered that GD Graphics Library incorrectly handled
loading images

from X bitmap format files. An attacker could possibly use this
issue to cause

GD Graphics Library to crash, resulting in a denial of service,
or to disclose

contents of the stack that has been left there by
previous code. (CVE-2019-11038)




Update instructions:


The problem can be corrected by updating
your system to the following

package versions:



Ubuntu 14.04 ESM:

テつ libgd-toolsテつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 2.1.0-3ubuntu0.11+esm1

テつ libgd3テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ テつ 2.1.0-3ubuntu0.11+esm1



In general, a standard system update will make all the
necessary changes.



References:

テつ テつ target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://usn.ubuntu.com/4316-2&source=gmail&ust=1585953507706000&usg=AFQjCNHDzSQUN-OSlWvV-qIQ67Xc6W4Q0A"
style="color: rgb(17, 85, 204);">https://usn.ubuntu.com/4316-2

テつ テつ target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://usn.ubuntu.com/4316-1&source=gmail&ust=1585953507706000&usg=AFQjCNHxPWJg3eGQwLhBWgU_85mavMoYrQ"
style="color: rgb(17, 85, 204);">https://usn.ubuntu.com/4316-1

テつ CVE-2018-14553, CVE-2019-11038


Original Source

Url : http://www.ubuntu.com/usn/USN-4316-2

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 11
Application 887
Application 1
Application 1
Os 5
Os 2
Os 3
Os 1
Os 2
Os 1
Os 2
Os 2
Os 2

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2020-04-03 05:22:02
  • Multiple Updates
2020-04-03 05:18:46
  • First insertion