Libgd

libgd

39 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (39)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-40812 1Libgd 1Libgd Nov 21, 2024 Sep 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.
CVE-2021-40145 1Libgd 1Libgd Nov 21, 2024 Aug 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as bein...Show more gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.Show less
CVE-2021-38115 1Libgd 1Libgd Nov 21, 2024 Aug 4, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2017-6363 1Libgd 1Libgd Nov 21, 2024 Feb 27, 2020 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats...Show more In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'Show less
CVE-2018-14553 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Nov 21, 2024 Feb 11, 2020 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (...Show more gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).Show less
CVE-2019-11038 8Canonical DebianFedoraproject+5 more 13Debian Linux Enterprise LinuxFedora+10 more Nov 21, 2024 Jun 19, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to...Show more When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.Show less
CVE-2019-6978 3Canonical DebianLibgd 3Debian Linux LibgdUbuntu Linux Nov 21, 2024 Jan 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
CVE-2019-6977 5Canonical DebianLibgd+2 more 5Debian Linux LibgdPhp+2 more Nov 21, 2024 Jan 27, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap...Show more gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.Show less
CVE-2018-1000222 3Canonical DebianLibgd 3Debian Linux LibgdUbuntu Linux Nov 21, 2024 Aug 20, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigge...Show more Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.Show less
CVE-2017-6362 4Canonical DebianFedoraproject+1 more 4Debian Linux FedoraLibgd+1 more May 13, 2026 Sep 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
CVE-2016-10168 1Libgd 1Libgd May 13, 2026 Mar 15, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
CVE-2016-10167 1Libgd 1Libgd May 13, 2026 Mar 15, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10166 1Libgd 1Libgd May 13, 2026 Mar 15, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the...Show more Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.Show less
CVE-2016-6906 1Libgd 1Libgd May 13, 2026 Mar 15, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression b...Show more The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.Show less
CVE-2016-9317 1Libgd 1Libgd May 13, 2026 Jan 26, 2017 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.
CVE-2016-6912 1Libgd 1Libgd May 13, 2026 Jan 26, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
CVE-2016-6911 1Libgd 1Libgd May 13, 2026 Jan 26, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
CVE-2016-9933 1Libgd 1Libgd May 6, 2026 Jan 4, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a deni...Show more Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.Show less
CVE-2016-8670 1Libgd 1Libgd May 6, 2026 Jan 4, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of...Show more Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.Show less
CVE-2016-6905 2Libgd Opensuse 3Leap LibgdOpensuse May 6, 2026 Oct 3, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.

12 Next