K21336065: GD Graphics Library vulnerability CVE-2016-8670

Security Advisory Description Integer signedness error in the dynamicGetbuf function in gdiodp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service stack-based buffer overflow or possibly hav...

K48448204: PHP vulnerability CVE-2016-6207

Security Advisory Description Integer overflow in the gdContributionsAlloc function in gdinterpolation.c in GD Graphics Library aka libgd before 2.2.3 allows remote attackers to cause a denial of service out-of-bounds memory write or memory consumption via unspecified vectors. CVE-2016-6207 Impac...

K34958244: PHP vulnerability CVE-2016-3074

Security Advisory Description Integer signedness error in GD Graphics Library 2.1.1 aka libgd or libgd2 allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. CVE-2016-3074 Impa...

K95375529: PHP vulnerabilities CVE-2013-7456, CVE-2016-4343, and CVE-2016-5093

Security Advisory Description CVE-2013-7456 gdinterpolation.c in the GD Graphics Library aka libgd before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impa...

K38016814: PHP and libgd vulnerabilities CVE-2016-5116, CVE-2016-6128, CVE-2016-6132, and CVE-2016-6214

Security Advisory Description CVE-2016-5116 gdxbm.c in the GD Graphics Library aka libgd before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service stack-based buffer...

K03534020: PHP vulnerability CVE-2016-5767

Security Advisory Description Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library aka libgd before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service heap-based buffer overflow and...

SUSE CVE-2004-0990

Integer overflow in GD Graphics Library libgd 2.0.28 libgd2, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the...

SUSE CVE-2007-0455

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted string with a JIS encoded font...

SUSE CVE-2007-3472

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact...

SUSE CVE-2007-3475

The GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to cause a denial of service crash via a GIF image that has no global color map...

SUSE CVE-2007-3473

The gdImageCreateXbm function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to cause a denial of service crash via unspecified vectors involving a gdImageCreate failure...

SUSE CVE-2007-3476

Array index error in gdgifin.c in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to cause a denial of service crash and heap corruption via large color index values in crafted image data, which results in a segmentation fault...

SUSE CVE-2009-1364

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted WMF file...

SUSE CVE-2011-3052

The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

SUSE CVE-2012-0473

The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allow...

SUSE CVE-2013-7456

gdinterpolation.c in the GD Graphics Library aka libgd before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a crafted image that is mishandled by...

SUSE CVE-2014-2497

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted color table in an XPM file...

SUSE CVE-2016-2824

The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact by triggering use of a WebGL shader th...

SUSE CVE-2016-3074

Integer signedness error in GD Graphics Library 2.1.1 aka libgd or libgd2 allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow...

SUSE CVE-2016-5116

gdxbm.c in the GD Graphics Library aka libgd before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service stack-based buffer under-read and application crash via a long name...