Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libgd
(Libgd)| Repositories |
• https://github.com/libgd/libgd
• https://github.com/php/php-src |
| #Vulnerabilities | 34 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-08-07 | CVE-2016-5767 | Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. | Libgd | 8.8 | ||
| 2016-08-07 | CVE-2016-5766 | Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | Debian_linux, Fedora, Freebsd, Libgd, Enterprise_linux, Openshift | 8.8 | ||
| 2016-08-07 | CVE-2016-5116 | gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. | Debian_linux, Libgd, Leap | 9.1 | ||
| 2017-03-15 | CVE-2016-10168 | Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. | Libgd | 7.8 | ||
| 2017-03-15 | CVE-2016-10167 | The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | Libgd | 5.5 | ||
| 2017-03-15 | CVE-2016-10166 | Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. | Libgd | 9.8 | ||
| 2016-05-21 | CVE-2015-8877 | The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. | Libgd, Php | 7.5 | ||
| 2016-08-07 | CVE-2013-7456 | gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function. | Libgd | 7.6 | ||
| 2007-05-18 | CVE-2007-2756 | The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. | Libgd | N/A |