Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats which could result in information disclosure or the execution of arbitrary code.
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis * jackson-databind: improper polymorphic deserialization of types from Jodd-db library * jackson-databind: improper polymorphic deserializ ...
GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Security Fix: * gd: Heap-based buffer overflow in gdImageColorMatch in gd_color_match.c * gd: NULL pointer dereference in gdImageClone * gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c For more details about the ...
* Fri Mar 27 2020 fjanus@redhat.com - 2.2.5-7 - Fix CVE-2018-14553 - Potential Null pointer dereference in gdImageClone Resolves: RHBZ#1811788 - Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch in libgd as used in imagecolormatch Resolves: RHBZ#1678104 - Fixed potential double-free in gdImage*Ptr Resolves: RHBZ#1679002
GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats.
This update for gd fixes the following issues: - CVE-2017-7890: Fixed a buffer over-read into uninitialized memory . - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone . - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm .
This update for gd fixes the following issues: Security issue fixed: - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone . - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm .