Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/libgd2@2.2.5-5.2

Type deb

Namespace debian

Name libgd2

Version 2.2.5-5.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.3-9

Latest_non_vulnerable_version 2.3.3-9

Affected_by_vulnerabilities

url VCID-g3zj-r8ag-a7ej

vulnerability_id VCID-g3zj-r8ag-a7ej

summary read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38115

reference_id

reference_type

scores

value	0.00176
scoring_system	epss
scoring_elements	0.3878
published_at	2026-04-29T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39006
published_at	2026-04-01T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39192
published_at	2026-04-02T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39215
published_at	2026-04-04T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39134
published_at	2026-04-07T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39188
published_at	2026-04-08T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39204
published_at	2026-04-09T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39216
published_at	2026-04-11T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39179
published_at	2026-04-12T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.3916
published_at	2026-04-13T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39214
published_at	2026-04-16T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39184
published_at	2026-04-18T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39095
published_at	2026-04-21T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38885
published_at	2026-04-24T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38862
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38115

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991912
reference_id	991912
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991912

reference_url

https://security.archlinux.org/AVG-2258

reference_id

AVG-2258

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2258

reference_url	https://usn.ubuntu.com/5068-1/
reference_id	USN-5068-1
reference_type
scores
url	https://usn.ubuntu.com/5068-1/

fixed_packages

url	pkg:deb/debian/libgd2@2.3.3-9
purl	pkg:deb/debian/libgd2@2.3.3-9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9

aliases CVE-2021-38115

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3zj-r8ag-a7ej

url VCID-jun7-q9ts-ebfe

vulnerability_id VCID-jun7-q9ts-ebfe

summary In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6363

reference_id

reference_type

scores

value	0.00422
scoring_system	epss
scoring_elements	0.62107
published_at	2026-04-24T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62123
published_at	2026-04-26T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62116
published_at	2026-04-29T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62155
published_at	2026-04-07T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62205
published_at	2026-04-08T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62222
published_at	2026-04-09T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.6224
published_at	2026-04-11T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62096
published_at	2026-04-01T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62209
published_at	2026-04-13T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62255
published_at	2026-04-16T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62262
published_at	2026-04-18T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62246
published_at	2026-04-21T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.6223
published_at	2026-04-12T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62156
published_at	2026-04-02T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62187
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6363

reference_url	https://usn.ubuntu.com/5068-1/
reference_id	USN-5068-1
reference_type
scores
url	https://usn.ubuntu.com/5068-1/

fixed_packages

url pkg:deb/debian/libgd2@2.3.0-2

purl pkg:deb/debian/libgd2@2.3.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-s83u-wk4f-wkfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.0-2

aliases CVE-2017-6363

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jun7-q9ts-ebfe

url VCID-qqe4-4aja-j7dz

vulnerability_id VCID-qqe4-4aja-j7dz

summary gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-40145

reference_id

reference_type

scores

value	0.00426
scoring_system	epss
scoring_elements	0.62337
published_at	2026-04-29T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62326
published_at	2026-04-24T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62333
published_at	2026-04-18T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62317
published_at	2026-04-21T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62342
published_at	2026-04-26T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62226
published_at	2026-04-07T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62276
published_at	2026-04-08T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62293
published_at	2026-04-09T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62312
published_at	2026-04-11T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62302
published_at	2026-04-12T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62281
published_at	2026-04-13T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67494
published_at	2026-04-02T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67515
published_at	2026-04-04T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67458
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-40145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40145

reference_url

https://security.archlinux.org/AVG-2258

reference_id

AVG-2258

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2258

reference_url	https://usn.ubuntu.com/5068-1/
reference_id	USN-5068-1
reference_type
scores
url	https://usn.ubuntu.com/5068-1/

fixed_packages

url	pkg:deb/debian/libgd2@2.3.3-9
purl	pkg:deb/debian/libgd2@2.3.3-9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9

aliases CVE-2021-40145

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqe4-4aja-j7dz

url VCID-s83u-wk4f-wkfd

vulnerability_id VCID-s83u-wk4f-wkfd

summary The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-40812

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32541
published_at	2026-04-29T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32929
published_at	2026-04-12T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32903
published_at	2026-04-13T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32944
published_at	2026-04-16T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32922
published_at	2026-04-18T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32885
published_at	2026-04-21T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32738
published_at	2026-04-24T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32623
published_at	2026-04-26T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32895
published_at	2026-04-01T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.33025
published_at	2026-04-02T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.33058
published_at	2026-04-04T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32888
published_at	2026-04-07T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32935
published_at	2026-04-08T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32964
published_at	2026-04-09T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32967
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-40812

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40812
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40812

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9

reference_id

6f5136821be86e7068fcdf651ae9420b5d42e9a9

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T16:15:07Z/

url

https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9

reference_url

https://github.com/libgd/libgd/issues/750#issuecomment-914872385

reference_id

750#issuecomment-914872385

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T16:15:07Z/

url

https://github.com/libgd/libgd/issues/750#issuecomment-914872385

reference_url

https://security.archlinux.org/AVG-2258

reference_id

AVG-2258

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2258

reference_url

https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html

reference_id

msg00003.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T16:15:07Z/

url

https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html

reference_url	https://usn.ubuntu.com/7112-1/
reference_id	USN-7112-1
reference_type
scores
url	https://usn.ubuntu.com/7112-1/

fixed_packages

url	pkg:deb/debian/libgd2@2.3.3-9
purl	pkg:deb/debian/libgd2@2.3.3-9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9

aliases CVE-2021-40812

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s83u-wk4f-wkfd

url VCID-zp5r-wjhe-u7b3

vulnerability_id VCID-zp5r-wjhe-u7b3

summary gd: NULL pointer dereference in gdImageClone

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14553.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14553.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14553

reference_id

reference_type

scores

value	0.00979
scoring_system	epss
scoring_elements	0.76696
published_at	2026-04-01T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.767
published_at	2026-04-02T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76729
published_at	2026-04-04T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76711
published_at	2026-04-07T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76743
published_at	2026-04-08T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76754
published_at	2026-04-13T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76782
published_at	2026-04-11T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76762
published_at	2026-04-12T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76795
published_at	2026-04-16T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.768
published_at	2026-04-18T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76791
published_at	2026-04-21T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76823
published_at	2026-04-24T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.7683
published_at	2026-04-26T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76841
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14553

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1600727
reference_id	1600727
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1600727

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951287
reference_id	951287
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951287

reference_url	https://access.redhat.com/errata/RHSA-2020:4659
reference_id	RHSA-2020:4659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4659

reference_url	https://usn.ubuntu.com/4316-1/
reference_id	USN-4316-1
reference_type
scores
url	https://usn.ubuntu.com/4316-1/

reference_url	https://usn.ubuntu.com/4316-2/
reference_id	USN-4316-2
reference_type
scores
url	https://usn.ubuntu.com/4316-2/

fixed_packages

url pkg:deb/debian/libgd2@2.3.0-2

purl pkg:deb/debian/libgd2@2.3.0-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-s83u-wk4f-wkfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.0-2

aliases CVE-2018-14553

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zp5r-wjhe-u7b3

Fixing_vulnerabilities

url VCID-3bce-bp4m-3bcy

vulnerability_id VCID-3bce-bp4m-3bcy

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6362.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6362.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6362

reference_id

reference_type

scores

value	0.00411
scoring_system	epss
scoring_elements	0.61448
published_at	2026-04-29T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61424
published_at	2026-04-13T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61463
published_at	2026-04-16T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61467
published_at	2026-04-18T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61451
published_at	2026-04-21T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61439
published_at	2026-04-24T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61453
published_at	2026-04-26T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.8022
published_at	2026-04-07T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80248
published_at	2026-04-08T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80259
published_at	2026-04-09T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80277
published_at	2026-04-11T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80262
published_at	2026-04-12T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80204
published_at	2026-04-01T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80212
published_at	2026-04-02T12:55:00Z

value	0.01378
scoring_system	epss
scoring_elements	0.80232
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/libgd/libgd/issues/381
reference_id
reference_type
scores
url	https://github.com/libgd/libgd/issues/381

reference_url	https://github.com/libgd/libgd/releases/tag/gd-2.2.5
reference_id
reference_type
scores
url	https://github.com/libgd/libgd/releases/tag/gd-2.2.5

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2BLXX7KNRE7ZVQAKGTHHWS33CUCXVUP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2BLXX7KNRE7ZVQAKGTHHWS33CUCXVUP/

reference_url	http://www.debian.org/security/2017/dsa-3961
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3961

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1489842
reference_id	1489842
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1489842

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.4:::::::*
reference_id	cpe:2.3:a:libgd:libgd:2.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-6362

reference_id

CVE-2017-6362

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-6362

reference_url	https://usn.ubuntu.com/3410-1/
reference_id	USN-3410-1
reference_type
scores
url	https://usn.ubuntu.com/3410-1/

reference_url	https://usn.ubuntu.com/3410-2/
reference_id	USN-3410-2
reference_type
scores
url	https://usn.ubuntu.com/3410-2/

fixed_packages

url pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11

purl pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pj7-5gy9-97f7

vulnerability	VCID-34yj-pb2j-5faa

vulnerability	VCID-3bce-bp4m-3bcy

vulnerability	VCID-3v99-kbeq-47d8

vulnerability	VCID-4eyx-7fmr-r7dm

vulnerability	VCID-6xda-97rd-9bam

vulnerability	VCID-6ysv-9bmx-w7df

vulnerability	VCID-75xx-y3xu-cqe2

vulnerability	VCID-7rvx-8x2z-7kdm

vulnerability	VCID-9zks-j1fv-ukew

vulnerability	VCID-b878-mmfs-e3g1

vulnerability	VCID-cr4d-8dhn-gkgq

vulnerability	VCID-fcm8-f9e6-83b4

vulnerability	VCID-fwyg-v128-k7c9

vulnerability	VCID-g1b8-dkd3-j3a2

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-habv-tr8c-rucd

vulnerability	VCID-hwys-fv79-b7d8

vulnerability	VCID-jhzv-9ey6-gkdz

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-k6qv-tnq5-ybd7

vulnerability	VCID-ku2g-q6cg-ayhc

vulnerability	VCID-m3ve-pf4u-9qhh

vulnerability	VCID-pnee-e13t-57a2

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-r7yv-ryzk-z3e8

vulnerability	VCID-s33d-rhg8-wqej

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-sszm-mvm2-m7ee

vulnerability	VCID-tfaf-hb2s-fyb9

vulnerability	VCID-vya2-pzx7-m7c1

vulnerability	VCID-x14b-aaj3-nyed

vulnerability	VCID-x635-b1cj-m7d7

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11

url pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5

purl pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3bce-bp4m-3bcy

vulnerability	VCID-3v99-kbeq-47d8

vulnerability	VCID-6xda-97rd-9bam

vulnerability	VCID-6ysv-9bmx-w7df

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-r7yv-ryzk-z3e8

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-sszm-mvm2-m7ee

vulnerability	VCID-x635-b1cj-m7d7

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5

url pkg:deb/debian/libgd2@2.2.5-5.2

purl pkg:deb/debian/libgd2@2.2.5-5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2

aliases CVE-2017-6362

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3bce-bp4m-3bcy

url VCID-3v99-kbeq-47d8

vulnerability_id VCID-3v99-kbeq-47d8

summary

Multiple vulnerabilities have been found in GD, the worst of which
    could result in the remote execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5711.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5711.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5711

reference_id

reference_type

scores

value	0.07835
scoring_system	epss
scoring_elements	0.91953
published_at	2026-04-01T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.92001
published_at	2026-04-29T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.92002
published_at	2026-04-21T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.92006
published_at	2026-04-24T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.91961
published_at	2026-04-02T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.91969
published_at	2026-04-04T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.91975
published_at	2026-04-07T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.91988
published_at	2026-04-08T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.91991
published_at	2026-04-09T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.91994
published_at	2026-04-11T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.91993
published_at	2026-04-12T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.9199
published_at	2026-04-13T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.92008
published_at	2026-04-16T12:55:00Z

value	0.07835
scoring_system	epss
scoring_elements	0.92005
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5711

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11142
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11142

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11143
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11143

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11628
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11628

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12932

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12933
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12933

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16642
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16642

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1535246
reference_id	1535246
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1535246

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887485
reference_id	887485
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887485

reference_url

https://security.archlinux.org/AVG-865

reference_id

AVG-865

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-865

reference_url	https://security.gentoo.org/glsa/201903-18
reference_id	GLSA-201903-18
reference_type
scores
url	https://security.gentoo.org/glsa/201903-18

reference_url	https://access.redhat.com/errata/RHSA-2018:1296
reference_id	RHSA-2018:1296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1296

reference_url	https://access.redhat.com/errata/RHSA-2019:2519
reference_id	RHSA-2019:2519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2519

reference_url	https://usn.ubuntu.com/3755-1/
reference_id	USN-3755-1
reference_type
scores
url	https://usn.ubuntu.com/3755-1/

fixed_packages

url pkg:deb/debian/libgd2@2.2.5-5.2

purl pkg:deb/debian/libgd2@2.2.5-5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2

aliases CVE-2018-5711

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3v99-kbeq-47d8

url VCID-6xda-97rd-9bam

vulnerability_id VCID-6xda-97rd-9bam

summary

Multiple vulnerabilities have been found in GD, the worst of which
    could result in the remote execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html

reference_url	http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html

reference_url	http://php.net/ChangeLog-5.php
reference_id
reference_type
scores
url	http://php.net/ChangeLog-5.php

reference_url	http://php.net/ChangeLog-7.php
reference_id
reference_type
scores
url	http://php.net/ChangeLog-7.php

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6977.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6977.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6977

reference_id

reference_type

scores

value	0.863
scoring_system	epss
scoring_elements	0.99399
published_at	2026-04-02T12:55:00Z

value	0.863
scoring_system	epss
scoring_elements	0.9941
published_at	2026-04-26T12:55:00Z

value	0.863
scoring_system	epss
scoring_elements	0.99405
published_at	2026-04-13T12:55:00Z

value	0.863
scoring_system	epss
scoring_elements	0.99408
published_at	2026-04-21T12:55:00Z

value	0.863
scoring_system	epss
scoring_elements	0.99407
published_at	2026-04-18T12:55:00Z

value	0.863
scoring_system	epss
scoring_elements	0.99409
published_at	2026-04-29T12:55:00Z

value	0.863
scoring_system	epss
scoring_elements	0.994
published_at	2026-04-04T12:55:00Z

value	0.863
scoring_system	epss
scoring_elements	0.99402
published_at	2026-04-08T12:55:00Z

value	0.863
scoring_system	epss
scoring_elements	0.99403
published_at	2026-04-09T12:55:00Z

value	0.863
scoring_system	epss
scoring_elements	0.99404
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6977

reference_url	https://bugs.php.net/bug.php?id=77270
reference_id
reference_type
scores
url	https://bugs.php.net/bug.php?id=77270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/

reference_url	https://security.netapp.com/advisory/ntap-20190315-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190315-0003/

reference_url	https://www.debian.org/security/2019/dsa-4384
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4384

reference_url	https://www.exploit-db.com/exploits/46677/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/46677/

reference_url	http://www.securityfocus.com/bid/106731
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106731

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1672207
reference_id	1672207
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1672207

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920645
reference_id	920645
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920645

reference_url

https://security.archlinux.org/AVG-865

reference_id

AVG-865

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-865

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.5:::::::*
reference_id	cpe:2.3:a:libgd:libgd:2.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store::::::::
reference_id	cpe:2.3:a:netapp:storage_automation_store::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php::::::::
reference_id	cpe:2.3:a:php:php::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.3.0:::::::*
reference_id	cpe:2.3:a:php:php:7.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://github.com/cfreal/exploits/blob/1a671d1d8510e93a0b2607261e9b779562585fe2/CVE-2019-6977-imagecolormatch/exploit.php
reference_id	CVE-2019-6977
reference_type	exploit
scores
url	https://github.com/cfreal/exploits/blob/1a671d1d8510e93a0b2607261e9b779562585fe2/CVE-2019-6977-imagecolormatch/exploit.php

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46677.php
reference_id	CVE-2019-6977
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46677.php

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6977

reference_id

CVE-2019-6977

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6977

reference_url	https://security.gentoo.org/glsa/201903-18
reference_id	GLSA-201903-18
reference_type
scores
url	https://security.gentoo.org/glsa/201903-18

reference_url	https://access.redhat.com/errata/RHSA-2019:2519
reference_id	RHSA-2019:2519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2519

reference_url	https://access.redhat.com/errata/RHSA-2019:3299
reference_id	RHSA-2019:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3299

reference_url	https://access.redhat.com/errata/RHSA-2020:4659
reference_id	RHSA-2020:4659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4659

reference_url	https://usn.ubuntu.com/3900-1/
reference_id	USN-3900-1
reference_type
scores
url	https://usn.ubuntu.com/3900-1/

fixed_packages

url pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5

purl pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3bce-bp4m-3bcy

vulnerability	VCID-3v99-kbeq-47d8

vulnerability	VCID-6xda-97rd-9bam

vulnerability	VCID-6ysv-9bmx-w7df

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-r7yv-ryzk-z3e8

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-sszm-mvm2-m7ee

vulnerability	VCID-x635-b1cj-m7d7

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5

url pkg:deb/debian/libgd2@2.2.5-5.2

purl pkg:deb/debian/libgd2@2.2.5-5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2

aliases CVE-2019-6977

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xda-97rd-9bam

url VCID-6ysv-9bmx-w7df

vulnerability_id VCID-6ysv-9bmx-w7df

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7890.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7890.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7890

reference_id

reference_type

scores

value	0.25333
scoring_system	epss
scoring_elements	0.96165
published_at	2026-04-01T12:55:00Z

value	0.25333
scoring_system	epss
scoring_elements	0.96201
published_at	2026-04-11T12:55:00Z

value	0.25333
scoring_system	epss
scoring_elements	0.96173
published_at	2026-04-02T12:55:00Z

value	0.25333
scoring_system	epss
scoring_elements	0.96181
published_at	2026-04-04T12:55:00Z

value	0.25333
scoring_system	epss
scoring_elements	0.96183
published_at	2026-04-07T12:55:00Z

value	0.25333
scoring_system	epss
scoring_elements	0.96193
published_at	2026-04-08T12:55:00Z

value	0.25333
scoring_system	epss
scoring_elements	0.96196
published_at	2026-04-09T12:55:00Z

value	0.25333
scoring_system	epss
scoring_elements	0.962
published_at	2026-04-12T12:55:00Z

value	0.28056
scoring_system	epss
scoring_elements	0.96482
published_at	2026-04-16T12:55:00Z

value	0.28056
scoring_system	epss
scoring_elements	0.96486
published_at	2026-04-18T12:55:00Z

value	0.28056
scoring_system	epss
scoring_elements	0.96475
published_at	2026-04-13T12:55:00Z

value	0.28056
scoring_system	epss
scoring_elements	0.96487
published_at	2026-04-21T12:55:00Z

value	0.30217
scoring_system	epss
scoring_elements	0.96695
published_at	2026-04-26T12:55:00Z

value	0.30217
scoring_system	epss
scoring_elements	0.96696
published_at	2026-04-29T12:55:00Z

value	0.30217
scoring_system	epss
scoring_elements	0.96692
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7890

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1473822
reference_id	1473822
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1473822

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869263
reference_id	869263
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869263

reference_url	https://access.redhat.com/errata/RHSA-2018:0406
reference_id	RHSA-2018:0406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0406

reference_url	https://access.redhat.com/errata/RHSA-2018:1296
reference_id	RHSA-2018:1296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1296

reference_url	https://usn.ubuntu.com/3389-1/
reference_id	USN-3389-1
reference_type
scores
url	https://usn.ubuntu.com/3389-1/

reference_url	https://usn.ubuntu.com/3389-2/
reference_id	USN-3389-2
reference_type
scores
url	https://usn.ubuntu.com/3389-2/

fixed_packages

url pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11

purl pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pj7-5gy9-97f7

vulnerability	VCID-34yj-pb2j-5faa

vulnerability	VCID-3bce-bp4m-3bcy

vulnerability	VCID-3v99-kbeq-47d8

vulnerability	VCID-4eyx-7fmr-r7dm

vulnerability	VCID-6xda-97rd-9bam

vulnerability	VCID-6ysv-9bmx-w7df

vulnerability	VCID-75xx-y3xu-cqe2

vulnerability	VCID-7rvx-8x2z-7kdm

vulnerability	VCID-9zks-j1fv-ukew

vulnerability	VCID-b878-mmfs-e3g1

vulnerability	VCID-cr4d-8dhn-gkgq

vulnerability	VCID-fcm8-f9e6-83b4

vulnerability	VCID-fwyg-v128-k7c9

vulnerability	VCID-g1b8-dkd3-j3a2

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-habv-tr8c-rucd

vulnerability	VCID-hwys-fv79-b7d8

vulnerability	VCID-jhzv-9ey6-gkdz

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-k6qv-tnq5-ybd7

vulnerability	VCID-ku2g-q6cg-ayhc

vulnerability	VCID-m3ve-pf4u-9qhh

vulnerability	VCID-pnee-e13t-57a2

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-r7yv-ryzk-z3e8

vulnerability	VCID-s33d-rhg8-wqej

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-sszm-mvm2-m7ee

vulnerability	VCID-tfaf-hb2s-fyb9

vulnerability	VCID-vya2-pzx7-m7c1

vulnerability	VCID-x14b-aaj3-nyed

vulnerability	VCID-x635-b1cj-m7d7

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11

url pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5

purl pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3bce-bp4m-3bcy

vulnerability	VCID-3v99-kbeq-47d8

vulnerability	VCID-6xda-97rd-9bam

vulnerability	VCID-6ysv-9bmx-w7df

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-r7yv-ryzk-z3e8

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-sszm-mvm2-m7ee

vulnerability	VCID-x635-b1cj-m7d7

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5

url pkg:deb/debian/libgd2@2.2.5-5.2

purl pkg:deb/debian/libgd2@2.2.5-5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2

aliases CVE-2017-7890

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ysv-9bmx-w7df

url VCID-r7yv-ryzk-z3e8

vulnerability_id VCID-r7yv-ryzk-z3e8

summary

Multiple vulnerabilities have been found in GD, the worst of which
    could result in the remote execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000222.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000222.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000222

reference_id

reference_type

scores

value	0.00897
scoring_system	epss
scoring_elements	0.75716
published_at	2026-04-29T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75671
published_at	2026-04-16T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75675
published_at	2026-04-18T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.7566
published_at	2026-04-21T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75699
published_at	2026-04-24T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75704
published_at	2026-04-26T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75588
published_at	2026-04-07T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75623
published_at	2026-04-08T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75633
published_at	2026-04-13T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.75658
published_at	2026-04-11T12:55:00Z

value	0.00897
scoring_system	epss
scoring_elements	0.7564
published_at	2026-04-12T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.78981
published_at	2026-04-02T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.79007
published_at	2026-04-04T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.78975
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1621953
reference_id	1621953
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1621953

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906886
reference_id	906886
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906886

reference_url

https://security.archlinux.org/AVG-865

reference_id

AVG-865

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-865

reference_url	https://security.gentoo.org/glsa/201903-18
reference_id	GLSA-201903-18
reference_type
scores
url	https://security.gentoo.org/glsa/201903-18

reference_url	https://usn.ubuntu.com/3755-1/
reference_id	USN-3755-1
reference_type
scores
url	https://usn.ubuntu.com/3755-1/

fixed_packages

url pkg:deb/debian/libgd2@2.2.5-5.2

purl pkg:deb/debian/libgd2@2.2.5-5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2

aliases CVE-2018-1000222

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7yv-ryzk-z3e8

url VCID-sszm-mvm2-m7ee

vulnerability_id VCID-sszm-mvm2-m7ee

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

reference_id

reference_type

scores

value	0.1054
scoring_system	epss
scoring_elements	0.93291
published_at	2026-04-29T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93293
published_at	2026-04-21T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93299
published_at	2026-04-24T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93295
published_at	2026-04-26T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93249
published_at	2026-04-04T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93248
published_at	2026-04-07T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93256
published_at	2026-04-08T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93261
published_at	2026-04-09T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93265
published_at	2026-04-11T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93262
published_at	2026-04-12T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93264
published_at	2026-04-13T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93282
published_at	2026-04-16T12:55:00Z

value	0.1054
scoring_system	epss
scoring_elements	0.93287
published_at	2026-04-18T12:55:00Z

value	0.10719
scoring_system	epss
scoring_elements	0.93303
published_at	2026-04-02T12:55:00Z

value	0.10719
scoring_system	epss
scoring_elements	0.93295
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1724149
reference_id	1724149
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1724149

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821
reference_id	929821
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821

reference_url	https://access.redhat.com/errata/RHSA-2019:2519
reference_id	RHSA-2019:2519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2519

reference_url	https://access.redhat.com/errata/RHSA-2019:3299
reference_id	RHSA-2019:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3299

reference_url	https://usn.ubuntu.com/4316-1/
reference_id	USN-4316-1
reference_type
scores
url	https://usn.ubuntu.com/4316-1/

reference_url	https://usn.ubuntu.com/4316-2/
reference_id	USN-4316-2
reference_type
scores
url	https://usn.ubuntu.com/4316-2/

fixed_packages

url pkg:deb/debian/libgd2@2.2.5-5.2

purl pkg:deb/debian/libgd2@2.2.5-5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2

aliases CVE-2019-11038

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sszm-mvm2-m7ee

url VCID-x635-b1cj-m7d7

vulnerability_id VCID-x635-b1cj-m7d7

summary

Multiple vulnerabilities have been found in GD, the worst of which
    could result in the remote execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6978.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6978.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6978

reference_id

reference_type

scores

value	0.02564
scoring_system	epss
scoring_elements	0.8545
published_at	2026-04-01T12:55:00Z

value	0.02564
scoring_system	epss
scoring_elements	0.85512
published_at	2026-04-09T12:55:00Z

value	0.02564
scoring_system	epss
scoring_elements	0.8548
published_at	2026-04-04T12:55:00Z

value	0.02564
scoring_system	epss
scoring_elements	0.85483
published_at	2026-04-07T12:55:00Z

value	0.02564
scoring_system	epss
scoring_elements	0.85503
published_at	2026-04-08T12:55:00Z

value	0.02564
scoring_system	epss
scoring_elements	0.85526
published_at	2026-04-11T12:55:00Z

value	0.02564
scoring_system	epss
scoring_elements	0.85525
published_at	2026-04-12T12:55:00Z

value	0.02564
scoring_system	epss
scoring_elements	0.85521
published_at	2026-04-13T12:55:00Z

value	0.02564
scoring_system	epss
scoring_elements	0.85545
published_at	2026-04-16T12:55:00Z

value	0.02564
scoring_system	epss
scoring_elements	0.8555
published_at	2026-04-18T12:55:00Z

value	0.02564
scoring_system	epss
scoring_elements	0.85463
published_at	2026-04-02T12:55:00Z

value	0.03442
scoring_system	epss
scoring_elements	0.8752
published_at	2026-04-24T12:55:00Z

value	0.03442
scoring_system	epss
scoring_elements	0.87527
published_at	2026-04-26T12:55:00Z

value	0.03442
scoring_system	epss
scoring_elements	0.87526
published_at	2026-04-29T12:55:00Z

value	0.03442
scoring_system	epss
scoring_elements	0.87504
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6978

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
reference_id
reference_type
scores
url	https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0

reference_url	https://github.com/libgd/libgd/issues/492
reference_id
reference_type
scores
url	https://github.com/libgd/libgd/issues/492

reference_url	https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae
reference_id
reference_type
scores
url	https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae

reference_url	https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/

reference_url	https://www.debian.org/security/2019/dsa-4384
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4384

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1671390
reference_id	1671390
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1671390

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920728
reference_id	920728
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920728

reference_url

https://security.archlinux.org/AVG-865

reference_id

AVG-865

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-865

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.5:::::::*
reference_id	cpe:2.3:a:libgd:libgd:2.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6978

reference_id

CVE-2019-6978

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6978

reference_url	https://security.gentoo.org/glsa/201903-18
reference_id	GLSA-201903-18
reference_type
scores
url	https://security.gentoo.org/glsa/201903-18

reference_url	https://access.redhat.com/errata/RHSA-2019:2722
reference_id	RHSA-2019:2722
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2722

reference_url	https://access.redhat.com/errata/RHSA-2020:3943
reference_id	RHSA-2020:3943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3943

reference_url	https://access.redhat.com/errata/RHSA-2020:4659
reference_id	RHSA-2020:4659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4659

reference_url	https://usn.ubuntu.com/3900-1/
reference_id	USN-3900-1
reference_type
scores
url	https://usn.ubuntu.com/3900-1/

fixed_packages

url pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5

purl pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3bce-bp4m-3bcy

vulnerability	VCID-3v99-kbeq-47d8

vulnerability	VCID-6xda-97rd-9bam

vulnerability	VCID-6ysv-9bmx-w7df

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-r7yv-ryzk-z3e8

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-sszm-mvm2-m7ee

vulnerability	VCID-x635-b1cj-m7d7

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5

url pkg:deb/debian/libgd2@2.2.5-5.2

purl pkg:deb/debian/libgd2@2.2.5-5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3zj-r8ag-a7ej

vulnerability	VCID-jun7-q9ts-ebfe

vulnerability	VCID-qqe4-4aja-j7dz

vulnerability	VCID-s83u-wk4f-wkfd

vulnerability	VCID-zp5r-wjhe-u7b3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2

aliases CVE-2019-6978

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x635-b1cj-m7d7

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2

Package Instance