VulnerableCode Package Details - pkg:apk/alpine/gd@2.3.0-r0?arch=aarch64&distroversion=v3.22&reponame=main

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apk/alpine/gd@2.3.0-r0?arch=aarch64&distroversion=v3.22&reponame=main

purl	pkg:apk/alpine/gd@2.3.0-r0?arch=aarch64&distroversion=v3.22&reponame=main

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-jun7-q9ts-ebfe	In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'	CVE-2017-6363
VCID-sszm-mvm2-m7ee	security update	CVE-2019-11038
VCID-zp5r-wjhe-u7b3	gd: NULL pointer dereference in gdImageClone	CVE-2018-14553

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T17:58:49.113322+00:00	Alpine Linux Importer	Fixing	VCID-zp5r-wjhe-u7b3	https://secdb.alpinelinux.org/v3.22/main.json	38.1.0
2026-04-03T17:53:00.381388+00:00	Alpine Linux Importer	Fixing	VCID-sszm-mvm2-m7ee	https://secdb.alpinelinux.org/v3.22/main.json	38.1.0
2026-04-01T19:14:57.196214+00:00	Alpine Linux Importer	Fixing	VCID-jun7-q9ts-ebfe	https://secdb.alpinelinux.org/v3.22/main.json	38.0.0