28 matches found

SUSE CVE
added 2023/02/15 4:54 a.m. | 3 views

SUSE CVE-2016-10166

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable...

9.8 CVSS | 7.4 AI score | 0.10687 EPSS
Exploits 0 | References 10
OpenVAS
added 2022/04/21 12:0 a.m. | 19 views

Slackware: Security Advisory (SSA:2017-199-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 8.1 AI score | 0.10687 EPSS
Exploits 0 | References 2
OpenVAS
added 2021/06/09 12:0 a.m. | 35 views

SUSE: Security Advisory (SUSE-SU-2017:0568-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 8.4 AI score | 0.42401 EPSS
Exploits 1 | References 11
RedhatCVE
added 2020/03/07 1:34 p.m. | 33 views

CVE-2016-10166

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable...

7.5 CVSS | 7.8 AI score | 0.10687 EPSS
Exploits 0 | References 1
RedHat Linux
added 2019/11/01 1:3 p.m. | 160 views

Critical: Red Hat Security Advisory: rh-php72-php security update

An update for rh-php72-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8 CVSS | 7.2 AI score | 0.9947 EPSS
Exploits 76 | References 22
RedHat Linux
added 2019/08/19 8:42 a.m. | 198 views

Moderate: Red Hat Security Advisory: rh-php71-php security, bug fix, and enhancement update

An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8 CVSS | 6.9 AI score | 0.87883 EPSS
Exploits 30 | References 34
Tenable Nessus
added 2019/03/13 12:0 a.m. | 74 views

PHP 7.1.x < 7.1.26 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40, 7.1.x prior to 7.1.26, 7.2.x prior to 7.2.14 or 7.3.x prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in _gdContributionsAlloc...

9.8 CVSS | 9.3 AI score | 0.65116 EPSS
Exploits 13 | References 9
Tenable Nessus
added 2019/03/13 12:0 a.m. | 72 views

PHP 5.6.x < 5.6.40 Multiple vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40, 7.1.x prior to 7.1.26, 7.2.x prior to 7.2.14 or 7.3.x prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in _gdContributionsAlloc...

9.8 CVSS | 9.3 AI score | 0.65116 EPSS
Exploits 13 | References 9
Tenable Nessus
added 2019/01/30 12:0 a.m. | 142 views

PHP 7.3.x < 7.3.1 Multiple vulnerabilities.

According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.1. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in the _gdContributionsAlloc function in gd_interpolation.c. An unauthenticated, remote attacker can have...

9.8 CVSS | 7.5 AI score | 0.65116 EPSS
Exploits 12 | References 8
Hacker One
added 2019/01/12 12:41 a.m. | 48 views

Internet Bug Bounty: efree() on uninitialized Heap data in imagescale leads to use-after-free

The core bug: https://bugs.php.net/bug.php?id=77269 This bugfix actually involves two vulnerabilities: a call to efree on uninitialized data and another free based vulnerability. What is described below is a bug that was fixed in libgd two years ago CVE-2016-10166, but the patch was never applied...

7.5 CVSS | 8.9 AI score | 0.10687 EPSS
Exploits 0
Tenable Nessus
added 2019/01/02 12:0 a.m. | 47 views

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0556-1)

This update for php5 fixes the following issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a...

9.8 CVSS | 8 AI score | 0.42401 EPSS
Exploits 1 | References 25
Tenable Nessus
added 2019/01/02 12:0 a.m. | 42 views

SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0534-1)

This update for php7 fixes the following security issues: - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service uninitialized...

9.8 CVSS | 8.6 AI score | 0.42401 EPSS
Exploits 6 | References 41
Tenable Nessus
added 2017/07/19 12:0 a.m. | 33 views

Slackware 14.2 / current : gd (SSA:2017-199-02)

New gd packages are available for Slackware 14.2 and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-199-02. The text itself is copyright C Slackware...

9.8 CVSS | 7.2 AI score | 0.10687 EPSS
Exploits 0 | References 6
Slackware Linux
added 2017/07/18 11:14 p.m. | 52 views

[slackware-security] gd

New gd packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/gd-2.2.4-i586-1slack14.2.txz: Upgraded. Fixes security issues: gdImageCreate doesn't check for oversized images and as such is prone to Do...

9.8 CVSS | 8.1 AI score | 0.10687 EPSS
Exploits 0
Cloud Foundry
added 2017/03/31 12:0 a.m. | 63 views

USN-3213-1: GD library vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker cou...

9.8 CVSS | 8.7 AI score | 0.10687 EPSS
Exploits 0
OSV
added 2017/03/15 3:59 p.m. | 41 views

CVE-2016-10166

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable...

9.8 CVSS | 7.2 AI score
Exploits 0 | References 8
CVE
added 2017/03/15 3:0 p.m. | 277 views

CVE-2016-10166

CVE-2016-10166 affects libgd (GD Graphics Library). The vulnerability is an integer underflow in _gdContributionsAlloc in gd_interpolation.c, exploited via inputs that decrement the u variable, and affects libgd versions before 2.2.4. Public advisories describe potential impact including de...

9.8 CVSS | 8.5 AI score | 0.10687 EPSS
Exploits 0 | References 8 | Affected Software 1
Debian CVE
added 2017/03/15 3:0 p.m. | 23 views

CVE-2016-10166

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable...

9.8 CVSS | 9.7 AI score | 0.10687 EPSS
Exploits 0
AlpineLinux
added 2017/03/15 3:0 p.m. | 28 views

CVE-2016-10166

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable...

9.8 CVSS | 8.8 AI score | 0.10687 EPSS
Exploits 0
OPENSUSE Linux
added 2017/03/02 3:12 p.m. | 67 views

Security update for php7 (important)

This update for php7 fixes the following security issues: - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service uninitialized...

7.5 CVSS | 5 AI score | 0.42401 EPSS
Exploits 6 | References 13