Product:

Libgd

(Libgd)
Repositories https://github.com/libgd/libgd
https://github.com/php/php-src
#Vulnerabilities 34
Date Id Summary Products Score Patch Annotated
2016-04-26 CVE-2016-3074 Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. Ubuntu_linux, Debian_linux, Fedora, Libgd, Opensuse, Php 9.8
2020-02-11 CVE-2018-14553 gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). Ubuntu_linux, Debian_linux, Fedora, Libgd, Leap 7.5
2021-09-08 CVE-2021-40812 The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks. Libgd 6.5
2021-08-26 CVE-2021-40145 ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes." Libgd 7.5
2021-08-04 CVE-2021-38115 read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. Libgd 6.5
2016-08-07 CVE-2016-6128 The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. Ubuntu_linux, Debian_linux, Libgd, Leap 7.5
2019-06-19 CVE-2019-11038 When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. Ubuntu_linux, Debian_linux, Fedora, Libgd, Leap, Php, Enterprise_linux, Software_collections, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension 5.3
2018-08-20 CVE-2018-1000222 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. Ubuntu_linux, Debian_linux, Libgd 8.8
2020-02-27 CVE-2017-6363 ** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'" Libgd N/A
2015-03-30 CVE-2014-9709 The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. Ubuntu_linux, Debian_linux, Libgd, Opensuse, Php N/A