Search for packages
Package details: pkg:deb/ubuntu/libgd2@2.2.1-1ubuntu3.3
purl pkg:deb/ubuntu/libgd2@2.2.1-1ubuntu3.3
Next non-vulnerable version 2.2.5-5.2ubuntu2.1
Latest non-vulnerable version 2.2.5-5.2ubuntu2.1
Risk 10.0
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-11fp-nddr-aaah
Aliases:
CVE-2021-40145
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.
2.2.5-5.2ubuntu2.1
Affected by 0 other vulnerabilities.
VCID-2bzc-1p3m-aaac
Aliases:
CVE-2019-11038
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
2.2.5-5.2
Affected by 4 other vulnerabilities.
VCID-dq4w-ytv8-aaaj
Aliases:
CVE-2021-38115
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
2.2.5-5.2ubuntu2.1
Affected by 0 other vulnerabilities.
VCID-huby-p431-aaap
Aliases:
CVE-2018-5711
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
2.2.5-4ubuntu1
Affected by 6 other vulnerabilities.
VCID-ndqf-auts-aaaf
Aliases:
CVE-2018-1000222
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.
2.2.5-4ubuntu0.2
Affected by 8 other vulnerabilities.
VCID-qg6r-qqzg-aaag
Aliases:
CVE-2019-6978
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
2.2.5-5.1
Affected by 5 other vulnerabilities.
VCID-r7yh-9kwn-aaaa
Aliases:
CVE-2018-15878
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2.2.5-4ubuntu0.2
Affected by 8 other vulnerabilities.
VCID-sege-gvw4-aaab
Aliases:
CVE-2018-15879
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2.2.5-4ubuntu0.2
Affected by 8 other vulnerabilities.
VCID-tdps-rxdb-aaar
Aliases:
CVE-2017-6363
In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'
2.2.5-5.2ubuntu2.1
Affected by 0 other vulnerabilities.
VCID-u1pm-j7sq-aaae
Aliases:
CVE-2018-14553
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
2.2.5-5.2ubuntu0.19.10.1
Affected by 3 other vulnerabilities.
2.2.5-5.2ubuntu1
Affected by 3 other vulnerabilities.
VCID-yrku-ufk1-aaaj
Aliases:
CVE-2019-6977
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
2.2.5-4ubuntu0.3
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version