CVE-2026-42639

CVE-2026-42639 concerns the WordPress plugin GD Rating System (versions

ALPINE-CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

EUVD-2026-36659

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

CVE-2026-11526

The CVE-2026-11526 issue affects GD for Perl (versions before 2.86). The vulnerability lies in GD::Image::_make_filehandle, which uses a 2-arg open() on filename arguments, causing any filename starting/ending with a pipe or redirect to be executed as a command or redirected, leading to OS comman...

CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

perl-GD-2.860.0-1.1 on GA media (moderate)

perl-GD-2.860.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:11017-1 Rating: moderate Cross-References: CVE-2026-11526 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

OPENSUSE-SU-2026:11017-1 perl-GD-2.860.0-1.1 on GA media

These are all security issues fixed in the perl-GD-2.860.0-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-49088

Name of the Vulnerable Software and Affected Versions GD for Perl versions prior to 2.86 Description The make filehandle function in GD::Image uses Perl's 2-arg open to process filename arguments. This allows OS command injection and file overwrite if a filename begins or ends with a pipe e.g., "...

Unity Linux 20.1060e / 20.1070e Security Update: gd (UTSA-2026-016663)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016663 advisory. readheadertga in gdtga.c in the GD Graphics Library aka LibGD through 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted TGA...

Unity Linux 20.1070e Security Update: gd (UTSA-2026-016717)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016717 advisory. gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is The GD2 image format is a proprietary...

SUSE CVE-2026-8087

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...

UBUNTU-CVE-2026-43440

In the Linux kernel, the following vulnerability has been resolved: net/mana: Null servicewq on setup error to prevent double destroy In managdsetup error path, set gc-servicewq to NULL after destroyworkqueue to match the cleanup in managdcleanup. This prevents a use-after-free if the workqueue...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the managdcleanup function in the mana driver. This function does not check whether gc-servicewq ...

Astra Linux – Vulnerability in libgd2

The readheadertga function in gdtga.c within the GD Graphics Library also known as LibGD in versions up to 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read through a crafted TGA file...

CLSA-2026-1777541021 gd: Fix of CVE-2021-40145

CVE-2021-40145: Fix a double free in gdImageGd2Ptr in gdgd2.c in the GD Graphics Library...

Malicious code in gd-auth (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 baa9851d66a8d40c23baf029f186e4f8f5366381dadb2d3ecc8cb9420e5e3997 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2540 Malicious code in gd-auth (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 baa9851d66a8d40c23baf029f186e4f8f5366381dadb2d3ecc8cb9420e5e3997 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Exploit for Out-of-bounds Read in Php

CVE-2022-31630 – Proof of Concept Exploit Peringatan: Kode ini...

Exploit for Out-of-bounds Read in Php

CVE-2022-31630 - Proof of Concept Exploit untuk PHP 7.4.33 Per...