VulnerableCode Package Details - pkg:deb/ubuntu/libgd2@2.2.5-5.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-11fp-nddr-aaah Aliases: CVE-2021-40145	gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.	2.2.5-5.2ubuntu2.1 Affected by 0 other vulnerabilities.
VCID-dq4w-ytv8-aaaj Aliases: CVE-2021-38115	read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.	2.2.5-5.2ubuntu2.1 Affected by 0 other vulnerabilities.
VCID-tdps-rxdb-aaar Aliases: CVE-2017-6363	In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'	2.2.5-5.2ubuntu2.1 Affected by 0 other vulnerabilities.
VCID-u1pm-j7sq-aaae Aliases: CVE-2018-14553	gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).	2.2.5-5.2ubuntu0.19.10.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.5-5.2ubuntu1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-11fp-nddr-aaah
Aliases:
CVE-2021-40145

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.

2.2.5-5.2ubuntu2.1
Affected by 0 other vulnerabilities.

VCID-dq4w-ytv8-aaaj
Aliases:
CVE-2021-38115

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

2.2.5-5.2ubuntu2.1
Affected by 0 other vulnerabilities.

VCID-tdps-rxdb-aaar
Aliases:
CVE-2017-6363

In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'

2.2.5-5.2ubuntu2.1
Affected by 0 other vulnerabilities.

VCID-u1pm-j7sq-aaae
Aliases:
CVE-2018-14553

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

2.2.5-5.2ubuntu0.19.10.1
Affected by 3 other vulnerabilities.

2.2.5-5.2ubuntu1
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2bzc-1p3m-aaac	When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.	CVE-2019-11038

Vulnerability

Summary

Aliases

VCID-2bzc-1p3m-aaac

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.

CVE-2019-11038

Next non-vulnerable version	2.2.5-5.2ubuntu2.1
Latest non-vulnerable version	2.2.5-5.2ubuntu2.1
Risk	3.6