The LibGD team is proud to announce the 2.3.0 release of libgd.
Security related fixes:
- Double-free vulnerability in gdImageBmpPtr. (CVE-2018-1000222)
- Null pointer reference at gdImageClone. (CVE-2018-14553)
- Integer signedness error. (CVE-2018-5711)
- Using uninitialized variables. (CVE-2019-11038)
- Heap-based buffer overflow. (CVE-2019-6977)
- Double-free in gdImage*Ptr(). (CVE-2019-6978)
For full list of changes, see CHANGELOG.md.
This is a recommended update.
You can download the 2.3.0 version of GD Graphics Library from the libgd 2.3.0 release.
Check out the full commits list since the previous release.