Search for packages
| purl | pkg:deb/ubuntu/libgd2@2.1.0-3ubuntu0.1 |
| Next non-vulnerable version | 2.2.5-5.2ubuntu2.1 |
| Latest non-vulnerable version | 2.2.5-5.2ubuntu2.1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-11fp-nddr-aaah
Aliases: CVE-2021-40145 |
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes. |
Affected by 0 other vulnerabilities. |
|
VCID-2bzc-1p3m-aaac
Aliases: CVE-2019-11038 |
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. |
Affected by 4 other vulnerabilities. |
|
VCID-2tge-77hh-aaaa
Aliases: CVE-2016-9933 |
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. |
Affected by 29 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-3y4n-zzn6-aaaq
Aliases: CVE-2017-7890 |
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. |
Affected by 35 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-89gd-h6gs-aaak
Aliases: CVE-2016-8670 |
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call. |
Affected by 33 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-939g-ekf5-aaaf
Aliases: CVE-2016-6912 |
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. |
Affected by 29 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-94nq-rmpp-aaas
Aliases: CVE-2016-6161 |
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. |
Affected by 32 other vulnerabilities. Affected by 27 other vulnerabilities. |
|
VCID-966x-d9ba-aaan
Aliases: CVE-2016-10168 |
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. |
Affected by 29 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-9kqb-d7xd-aaaj
Aliases: CVE-2017-6362 |
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. |
Affected by 35 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-9sy2-ywfg-aaaf
Aliases: CVE-2016-10166 |
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. |
Affected by 29 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-caws-uvhf-aaas
Aliases: CVE-2016-10167 |
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. |
Affected by 29 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-dq4w-ytv8-aaaj
Aliases: CVE-2021-38115 |
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. |
Affected by 0 other vulnerabilities. |
|
VCID-edy3-47s2-aaac
Aliases: CVE-2016-5116 |
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. |
Affected by 32 other vulnerabilities. Affected by 27 other vulnerabilities. |
|
VCID-fjtq-2h7k-aaam
Aliases: CVE-2016-6207 |
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. |
Affected by 32 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-huby-p431-aaap
Aliases: CVE-2018-5711 |
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. |
Affected by 6 other vulnerabilities. |
|
VCID-ndqf-auts-aaaf
Aliases: CVE-2018-1000222 |
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. |
Affected by 33 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-nepf-h3cq-aaaa
Aliases: CVE-2016-7568 |
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls. |
Affected by 33 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-pshb-43sm-aaac
Aliases: CVE-2016-6905 |
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. |
Affected by 32 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-ptqg-p2rg-aaar
Aliases: CVE-2016-6132 |
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. |
Affected by 32 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-qg6r-qqzg-aaag
Aliases: CVE-2019-6978 |
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. |
Affected by 5 other vulnerabilities. |
|
VCID-r7yh-9kwn-aaaa
Aliases: CVE-2018-15878 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
Affected by 33 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-rn5n-h3v5-aaab
Aliases: CVE-2013-7456 |
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function. |
Affected by 32 other vulnerabilities. |
|
VCID-sege-gvw4-aaab
Aliases: CVE-2018-15879 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
Affected by 33 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-tdps-rxdb-aaar
Aliases: CVE-2017-6363 |
In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.' |
Affected by 0 other vulnerabilities. |
|
VCID-tsak-pk1q-aaaq
Aliases: CVE-2016-9317 |
The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image. |
Affected by 29 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-u1pm-j7sq-aaae
Aliases: CVE-2018-14553 |
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-uhyw-tms4-aaac
Aliases: CVE-2016-6128 |
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. |
Affected by 32 other vulnerabilities. Affected by 27 other vulnerabilities. |
|
VCID-uxa2-wmru-aaab
Aliases: CVE-2016-6906 |
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer. |
Affected by 29 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-wbym-fhkg-aaad
Aliases: CVE-2016-6214 |
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. |
Affected by 32 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-yrcw-8xnb-aaac
Aliases: CVE-2016-6911 |
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. |
Affected by 33 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-yrku-ufk1-aaaj
Aliases: CVE-2019-6977 |
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. |
Affected by 35 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-z4s5-bu95-aaam
Aliases: CVE-2016-5766 |
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. |
Affected by 32 other vulnerabilities. Affected by 27 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-89dv-wehr-aaad | The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. |
CVE-2014-2497
|
| VCID-by86-uz8j-aaag | Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. |
CVE-2015-8874
|
| VCID-cwxp-gkc7-aaaq | The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. |
CVE-2014-9709
|
| VCID-shyf-r48n-aaac | Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. |
CVE-2016-3074
|
| VCID-vt1b-tw4x-aaae | The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. |
CVE-2015-8877
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|