[SECURITY] Fedora 28 Update: gd-2.2.5-3.fc28

The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the...

Medium: php56, php70, php71

Issue Overview: Reflected XSS in .phar 404 page An issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. CVE-2018-5712 Denial of Service DoS via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gdgifin.c Th...

chromium-browser: integer overflow in blink

Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

Google Chrome for Mac, Windows and Linux WebGL Information Disclosure Vulnerability

Google Chrome for Mac, Windows and Linux is a web browser developed by Google for the Mac, Windows and Linux platforms.WebGL is one of the 3D drawing standards. A security vulnerability exists in WebGL in versions of Google Chrome prior to 64.0.3282.119 for Windows, Mac and Linux platforms. A...

PHP < 5.6.33, 7.x < 7.0.27, 7.1.x < 7.1.13, 7.2.x < 7.2.1 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP < 5.6.33, 7.x < 7.0.27, 7.1.x < 7.1.13, 7.2.x < 7.2.1 Multiple Vulnerabilities - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP GD Graphics Library Denial of Service Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community.GD Graphics Library also known as libgd or libgd2 is an open source library for dynamically creating images developed by American software...

DEBIAN-CVE-2018-5711

gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...

Integer overflow

gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...

ALPINE-CVE-2018-5711

gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...

CVE-2018-5711

gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...

CVE-2018-5711

The vulnerability CVE-2018-5711 affects the GD Graphics Library (libgd2) as used by PHP. Affected GIF parsing code in gd_gif_in.c suffers an integer signedness error that can cause an infinite loop when processing crafted GIF data via imagecreatefromgif or imagecreatefromstring, potentially leadi...

UBUNTU-CVE-2018-5711

gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...

PHP 7.2.x < 7.2.1 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.1. It is, therefore, affected by the following vulnerabilities : - A denial of service DoS vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gdgifin.c script...

PHP 7.0.x < 7.0.27 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.27. It is, therefore, affected by the following vulnerabilities : - A denial of service DoS vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gdgifin.c script...

PHP 7.1.x < 7.1.13 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.13. It is, therefore, affected by the following vulnerabilities : - A denial of service DoS vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gdgifin.c script...

Security vulnerabilities fixed in Thunderbird 52.5.2 — Mozilla

A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects...

Mozilla Firefox < 57.0.2

The version of Firefox installed on the remote Windows host is prior to 57.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2017-29 advisory. - A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebG...

Security vulnerabilities fixed in Firefox ESR 52.5.2 — Mozilla

A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects...

PT-2017-15596 · Sdl +1 · Sdl Image +1

Name of the Vulnerable Software and Affected Versions: SDL image version 2.0.1 Description: A buffer overflow vulnerability exists in the XCF property handling functionality. A specially crafted XCF file can cause a stack-based buffer overflow, potentially leading to code execution. An attacker c...