Errata overview
Errata ID 593
Date 2019-02-06
Source package libgd2
Fixed in version 2.1.0-5+deb8u12
This update addresses the following issues:
* Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx
  function in ext/gd/libgd/gd_gif_in.c (CVE-2018-5711)
* Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG
* gdImageColorMatch in gd_color_match.c has a heap-based buffer overflow.
  This can be exploited by an attacker who is able to trigger imagecolormatch
  calls with crafted image data. (CVE-2019-6977)
* The GD Graphics Library has a double free in the gdImage*Ptr() functions in
  gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. (CVE-2019-6978)
Additional notes
CVE ID CVE-2018-5711
UCS Bug number #48596