VulnerableCode Package Details - pkg:deb/ubuntu/libgd2@2.2.5-5.2ubuntu0.19.10.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-11fp-nddr-aaah Aliases: CVE-2021-40145	gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.	2.2.5-5.2ubuntu2.1 Affected by 0 other vulnerabilities.
VCID-dq4w-ytv8-aaaj Aliases: CVE-2021-38115	read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.	2.2.5-5.2ubuntu2.1 Affected by 0 other vulnerabilities.
VCID-tdps-rxdb-aaar Aliases: CVE-2017-6363	In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'	2.2.5-5.2ubuntu2.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-11fp-nddr-aaah
Aliases:
CVE-2021-40145

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.

2.2.5-5.2ubuntu2.1
Affected by 0 other vulnerabilities.

VCID-dq4w-ytv8-aaaj
Aliases:
CVE-2021-38115

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

2.2.5-5.2ubuntu2.1
Affected by 0 other vulnerabilities.

VCID-tdps-rxdb-aaar
Aliases:
CVE-2017-6363

In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'

2.2.5-5.2ubuntu2.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-u1pm-j7sq-aaae	gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).	CVE-2018-14553

Vulnerability

Summary

Aliases

VCID-u1pm-j7sq-aaae

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

CVE-2018-14553

Next non-vulnerable version	2.2.5-5.2ubuntu2.1
Latest non-vulnerable version	2.2.5-5.2ubuntu2.1
Risk	3.6