CVE-2018-14553: 
Rocky Linux vulnerability analysis and mitigation

The vulnerability CVE-2018-14553 affects the GD Graphics Library (libgd) versions 2.1.0-rc2 through 2.2.5. The issue involves a NULL pointer dereference in the gdImageClone function within gd.c, which can be triggered by a specific function call sequence. This vulnerability specifically affects PHP installations when linked with an external libgd library, not the bundled version (NVD, CVE).

The vulnerability exists in the gdImageClone function of gd.c, where a NULL pointer dereference can occur during image cloning operations. The issue was assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-476 (NULL Pointer Dereference) (NVD).

When exploited, this vulnerability allows attackers to crash applications using the affected libgd library, resulting in a denial of service condition. The impact is particularly significant for PHP applications linked against external libgd installations (Ubuntu Security, Debian LTS).

The vulnerability was patched in libgd version 2.3.0. Various Linux distributions have released security updates to address this issue: Ubuntu provided fixes for versions 14.04 ESM, 16.04 ESM, 18.04, and 19.10; Debian released updates for version 8.0; and Fedora updated to version 2.3.0-1.fc32 (Ubuntu Security, Debian LTS, Fedora Update).