GD 2.25
Security Advisories
CVE-2019-6977
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
- https://nvd.nist.gov/vuln/detail/CVE-2019-6977
- https://bugs.php.net/bug.php?id=77270
- http://php.net/ChangeLog-7.php
- http://php.net/ChangeLog-5.php
- http://www.securityfocus.com/bid/106731
- https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
- https://www.debian.org/security/2019/dsa-4384
- https://usn.ubuntu.com/3900-1/
- https://security.netapp.com/advisory/ntap-20190315-0003/
- https://security.gentoo.org/glsa/201903-18
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html
- http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html
- https://www.exploit-db.com/exploits/46677/
- https://access.redhat.com/errata/RHSA-2019:2519
- https://access.redhat.com/errata/RHSA-2019:3299
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
Fixed version: >=2.72
Severity: high
Reported: 2019-01-27
Kwalitee Issues
- main_module_version_matches_dist_version
-
Make sure that the main module name and version are the same of the distribution.
- no_pod_errors
-
Remove the POD errors. You can check for POD errors automatically by including Test::Pod to your test suite.
Error: GD-2.25/GD/Simple.pm -- Around line 245: =cut found outside a pod block. Skipping to next block.
- meta_yml_declares_perl_version
-
If you are using Build.PL define the {requires}{perl} = VERSION field. If you are using MakeMaker (Makefile.PL) you should upgrade ExtUtils::MakeMaker to 6.48 and use MIN_PERL_VERSION parameter. Perl::MinimumVersion can help you determine which version of Perl your module needs.
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- proper_libs
-
Move your *.pm files in a directory named 'lib'. The directory structure should look like 'lib/Your/Module.pm' for a module named 'Your::Module'. If you need to provide additional files, e.g. for testing, that should not be considered for Kwalitee, then you should look at the 'provides' map in META.yml to limit the files scanned; or use the 'no_index' map to exclude parts of the distribution.
Error: GD/Polyline.pm, GD/Simple.pm
- meta_yml_has_license
-
Define the license if you are using in Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- use_warnings
-
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: GD::Polyline, GD::Simple
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- meta_yml_has_repository_resource
-
Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Provides
Name | File | View |
---|---|---|
GD::Polygon | GD/Polyline.pm | metacpan |