VulnerableCode Package Details - pkg:deb/debian/libgd2@2.3.0-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-g3zj-r8ag-a7ej Aliases: CVE-2021-38115	read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.	2.3.3-9 Affected by 0 other vulnerabilities.
VCID-qqe4-4aja-j7dz Aliases: CVE-2021-40145	gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.	2.3.3-9 Affected by 0 other vulnerabilities.
VCID-s83u-wk4f-wkfd Aliases: CVE-2021-40812	The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.	2.3.3-9 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-g3zj-r8ag-a7ej
Aliases:
CVE-2021-38115

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

2.3.3-9
Affected by 0 other vulnerabilities.

VCID-qqe4-4aja-j7dz
Aliases:
CVE-2021-40145

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.

2.3.3-9
Affected by 0 other vulnerabilities.

VCID-s83u-wk4f-wkfd
Aliases:
CVE-2021-40812

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

2.3.3-9
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-jun7-q9ts-ebfe	In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'	CVE-2017-6363
VCID-zp5r-wjhe-u7b3	gd: NULL pointer dereference in gdImageClone	CVE-2018-14553

Vulnerability

Summary

Aliases

VCID-jun7-q9ts-ebfe

In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'

CVE-2017-6363

VCID-zp5r-wjhe-u7b3

gd: NULL pointer dereference in gdImageClone

CVE-2018-14553

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T00:26:51.232202+00:00	Debian Oval Importer	Affected by	VCID-qqe4-4aja-j7dz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:47:15.545446+00:00	Debian Oval Importer	Fixing	VCID-jun7-q9ts-ebfe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:39:06.723465+00:00	Debian Oval Importer	Affected by	VCID-g3zj-r8ag-a7ej	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:27:35.782348+00:00	Debian Oval Importer	Affected by	VCID-s83u-wk4f-wkfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:58:48.384722+00:00	Debian Oval Importer	Fixing	VCID-zp5r-wjhe-u7b3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-12T00:00:16.891598+00:00	Debian Oval Importer	Affected by	VCID-qqe4-4aja-j7dz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:32:00.214847+00:00	Debian Oval Importer	Fixing	VCID-jun7-q9ts-ebfe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:23:38.298013+00:00	Debian Oval Importer	Affected by	VCID-g3zj-r8ag-a7ej	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:14:05.829177+00:00	Debian Oval Importer	Affected by	VCID-s83u-wk4f-wkfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:45:26.519365+00:00	Debian Oval Importer	Fixing	VCID-zp5r-wjhe-u7b3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T23:31:46.403587+00:00	Debian Oval Importer	Affected by	VCID-qqe4-4aja-j7dz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:17:08.168853+00:00	Debian Oval Importer	Fixing	VCID-jun7-q9ts-ebfe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:09:35.719969+00:00	Debian Oval Importer	Affected by	VCID-g3zj-r8ag-a7ej	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:02:48.250190+00:00	Debian Oval Importer	Affected by	VCID-s83u-wk4f-wkfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:35:48.417402+00:00	Debian Oval Importer	Fixing	VCID-zp5r-wjhe-u7b3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0