USN-7112-1 libgd2 vulnerability

It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service application crash...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : GD Graphics Library vulnerability (USN-7112-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7112-1 advisory. It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a...

RHEL 5 : gd,_php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gd, php: Stack based buffer overflow in dynamicGetbuf CVE-2016-8670 - The dynamicGetbuf function in the G...

RHEL 7 : gd,_php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gd, php: Stack based buffer overflow in dynamicGetbuf CVE-2016-8670 - The dynamicGetbuf function in the G...

RHEL 5 : gd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gd: Double free in the gdImagePtr in gdgifout.c, gdjpeg.c, and gdwbmp.c CVE-2019-6978 - The...

RHEL 6 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php: buffer overflow in handling of long link names in tar phar archives CVE-2016-2554 - php: Uninitializ...

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2019-6978, CVE-2019-6977)

Summary The following vulnerabilities in PHP have been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2019-6978 DESCRIPTION: The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c...

Ubuntu 16.04 LTS / 18.04 LTS : GD Graphics Library vulnerabilities (USN-4316-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4316-1 advisory. It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphi...

Important: gd

Issue Overview: DISPUTED gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and...

Security Bulletin: Vulnerabilities in php5 affect IBM BladeCenter Advanced Management Module (AMM)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in php5. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in php5. Vulnerability Details CVEID: CVE-2016-6911 Description:...

K21336065: GD Graphics Library vulnerability CVE-2016-8670

Security Advisory Description Integer signedness error in the dynamicGetbuf function in gdiodp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service stack-based buffer overflow or possibly hav...

K48448204: PHP vulnerability CVE-2016-6207

Security Advisory Description Integer overflow in the gdContributionsAlloc function in gdinterpolation.c in GD Graphics Library aka libgd before 2.2.3 allows remote attackers to cause a denial of service out-of-bounds memory write or memory consumption via unspecified vectors. CVE-2016-6207 Impac...

K34958244: PHP vulnerability CVE-2016-3074

Security Advisory Description Integer signedness error in GD Graphics Library 2.1.1 aka libgd or libgd2 allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. CVE-2016-3074 Impa...

K95375529: PHP vulnerabilities CVE-2013-7456, CVE-2016-4343, and CVE-2016-5093

Security Advisory Description CVE-2013-7456 gdinterpolation.c in the GD Graphics Library aka libgd before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impa...

K38016814: PHP and libgd vulnerabilities CVE-2016-5116, CVE-2016-6128, CVE-2016-6132, and CVE-2016-6214

Security Advisory Description CVE-2016-5116 gdxbm.c in the GD Graphics Library aka libgd before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service stack-based buffer...

K03534020: PHP vulnerability CVE-2016-5767

Security Advisory Description Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library aka libgd before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service heap-based buffer overflow and...

SUSE CVE-2007-0455

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted string with a JIS encoded font...

SUSE CVE-2007-3475

The GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to cause a denial of service crash via a GIF image that has no global color map...

SUSE CVE-2007-3473

The gdImageCreateXbm function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to cause a denial of service crash via unspecified vectors involving a gdImageCreate failure...

SUSE CVE-2013-7456

gdinterpolation.c in the GD Graphics Library aka libgd before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted image that is mishandled by...