Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libgd
(Libgd)| Repositories |
• https://github.com/libgd/libgd
• https://github.com/php/php-src |
| #Vulnerabilities | 34 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-04 | CVE-2021-38115 | read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | Libgd | 6.5 | ||
| 2021-08-26 | CVE-2021-40145 | gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes. | Libgd | 7.5 | ||
| 2021-09-08 | CVE-2021-40812 | The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks. | Libgd | 6.5 | ||
| 2020-02-27 | CVE-2017-6363 | In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.' | Libgd | 8.1 | ||
| 2020-02-11 | CVE-2018-14553 | gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). | Ubuntu_linux, Debian_linux, Fedora, Libgd, Leap | 7.5 | ||
| 2017-01-04 | CVE-2016-8670 | Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call. | Libgd | 9.8 | ||
| 2017-09-07 | CVE-2017-6362 | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | Ubuntu_linux, Debian_linux, Fedora, Libgd | 7.5 | ||
| 2018-08-20 | CVE-2018-1000222 | Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. | Ubuntu_linux, Debian_linux, Libgd | 8.8 | ||
| 2019-01-27 | CVE-2019-6977 | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. | Ubuntu_linux, Debian_linux, Libgd, Storage_automation_store, Php | 8.8 | ||
| 2019-01-28 | CVE-2019-6978 | The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. | Ubuntu_linux, Debian_linux, Libgd | 9.8 |