GD 2.21
Security Advisories
CVE-2019-6977
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
- https://nvd.nist.gov/vuln/detail/CVE-2019-6977
- https://bugs.php.net/bug.php?id=77270
- http://php.net/ChangeLog-7.php
- http://php.net/ChangeLog-5.php
- http://www.securityfocus.com/bid/106731
- https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
- https://www.debian.org/security/2019/dsa-4384
- https://usn.ubuntu.com/3900-1/
- https://security.netapp.com/advisory/ntap-20190315-0003/
- https://security.gentoo.org/glsa/201903-18
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html
- http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html
- https://www.exploit-db.com/exploits/46677/
- https://access.redhat.com/errata/RHSA-2019:2519
- https://access.redhat.com/errata/RHSA-2019:3299
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
Fixed version: >=2.72
Severity: high
Reported: 2019-01-27
Kwalitee Issues
- meta_yml_is_parsable
-
Upgrade your YAML generator so it produces valid YAML.
Error: multiple parts found in META.yml
- main_module_version_matches_dist_version
-
Make sure that the main module name and version are the same of the distribution.
- no_pod_errors
-
Remove the POD errors. You can check for POD errors automatically by including Test::Pod to your test suite.
Error: GD-2.21/GD/Simple.pm -- Around line 245: =cut found outside a pod block. Skipping to next block.
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- proper_libs
-
Move your *.pm files in a directory named 'lib'. The directory structure should look like 'lib/Your/Module.pm' for a module named 'Your::Module'. If you need to provide additional files, e.g. for testing, that should not be considered for Kwalitee, then you should look at the 'provides' map in META.yml to limit the files scanned; or use the 'no_index' map to exclude parts of the distribution.
Error: GD/Polyline.pm, GD/Simple.pm
- meta_yml_has_license
-
Define the license if you are using in Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- use_warnings
-
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: GD::Polyline, GD::Simple
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Provides
Name | File | View |
---|---|---|
GD::Polygon | GD/Polyline.pm | metacpan |