Security update for gd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2941-1 Final 1 1 2018-09-28T14:12:22Z current 2018-09-28T14:12:22Z 2018-09-28T14:12:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gd This update for gd fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr() that could result in remote code execution. This could have been exploited via a specially crafted JPEG image files. (bsc#1105434) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00084.html E-Mail link for openSUSE-SU-2018:2941-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 gd-2.2.5-lp150.3.3.1 gd-devel-2.2.5-lp150.3.3.1 libgd3-2.2.5-lp150.3.3.1 libgd3-32bit-2.2.5-lp150.3.3.1 gd-2.2.5-lp150.3.3.1 as a component of openSUSE Leap 15.0 gd-devel-2.2.5-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgd3-2.2.5-lp150.3.3.1 as a component of openSUSE Leap 15.0 libgd3-32bit-2.2.5-lp150.3.3.1 as a component of openSUSE Leap 15.0 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. CVE-2018-1000222 openSUSE Leap 15.0:gd-2.2.5-lp150.3.3.1 openSUSE Leap 15.0:gd-devel-2.2.5-lp150.3.3.1 openSUSE Leap 15.0:libgd3-2.2.5-lp150.3.3.1 openSUSE Leap 15.0:libgd3-32bit-2.2.5-lp150.3.3.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00084.html https://www.suse.com/security/cve/CVE-2018-1000222.html CVE-2018-1000222 https://bugzilla.suse.com/1105434 SUSE Bug 1105434