Lucene search

15 matches found

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2014-5018

Malware in sbrugna...

CVSS 6.4, AI score 8.5, EPSS 0.16934
Exploits: 0, References: 17
OSV
added 2021/09/27 2:37 p.m., 2 views

OPENSUSE-SU-2021:3236-1 Security update for gd

This update for gd fixes the following issues: - CVE-2021-40812: Fixed out-of-bounds read caused by the lack of certain gdGetBuf and gdPutBuf return value checks bsc1190400...

CVSS 6.5, AI score 6.4, EPSS 0.01543
Exploits: 0, References: 3
Veracode
added 2019/05/02 5:4 a.m., 18 views

Authorization Bypass

php54-php is vulnerable to authorization bypass. The vulnerability exists in gd_ctx.c in the GD component...

CVSS 6.4, AI score 6.9, EPSS 0.16934
Exploits: 0, References: 11, Affected Software: 2
OSV
added 2019/01/18 10:19 p.m., 3 views

MGASA-2019-0042 Updated php packages fix security vulnerabilities

Several buffer overflows in the components GD, MBString, Phar and XMLRPC were discovered and fixed...

AI score 7.4
Exploits: 0, References: 14
BDU FSTEC
added 2016/07/07 12:0 a.m., 3 views

The vulnerability of the PHP interpreter allows a remote attacker to cause an application to terminate abnormally.

The vulnerability in the PHP interpreter’s GetCode function, located in the gdgifin.c file of the GD component, allows a malicious actor to cause an unexpected termination of the application by reading memory beyond the buffer using a specially crafted GIF image. This image is incorrectly process...

CVSS 5, AI score 6.9, EPSS 0.15129
Exploits: 1, References: 3, Affected Software: 1
CNVD
added 2016/05/17 12:0 a.m., 4 views

PHP GD Component Denial of Service Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. GD is one of its graphics extension library components. A denial of service vulnerability exists in the GD componen...

CVSS 7.5, AI score 8.3, EPSS 0.08276
Exploits: 1, References: 1
F5 Networks
added 2014/10/30 12:0 a.m., 246 views

SOL15761 - Multiple PHP 5.x vulnerabilities

CVE-2014-2497: The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. CVE-2014-3597: Multiple buffer overflows in the...

CVSS 6.8, AI score 5.6, EPSS 0.22319
Exploits: 3, References: 3
Tenable Nessus
added 2014/10/12 12:0 a.m., 41 views

Amazon Linux AMI : php55 (ALAS-2014-415)

A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. gd_ctx.c in the GD component in PHP 5.4.x befo...

CVSS 6.5, AI score 7.1, EPSS 0.22319
Exploits: 5, References: 5
Amazon
added 2014/09/18 12:0 a.m., 54 views

Medium: php55

Issue Overview: A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. gd_ctx.c in the GD component i...

CVSS 6.5, AI score 7.8, EPSS 0.22319
Exploits: 5
Tenable Nessus
added 2014/09/12 12:0 a.m., 40 views

Mandriva Linux Security Advisory : php (MDVSA-2014:172)

Multiple vulnerabilities have been discovered and corrected in php: The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM fil...

CVSS 6.8, AI score 8, EPSS 0.22319
Exploits: 7, References: 6
NVD
added 2014/08/23 1:55 a.m., 19 views

CVE-2014-5120

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

CVSS 6.4, AI score 7.2, EPSS 0.16934
Exploits: 0, References: 9
UbuntuCve
added 2014/08/23 1:55 a.m., 40 views

CVE-2014-5120

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

CVSS 6.4, AI score 7.2, EPSS 0.16934
Exploits: 0, References: 4
Cvelist
added 2014/08/23 1:0 a.m., 24 views

CVE-2014-5120

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

AI score 7.4, EPSS 0.16934
Exploits: 0, References: 9
CVE
added 2014/08/23 1:0 a.m., 207 views

CVE-2014-5120

CVE-2014-5120 affects the PHP GD extension. gd_ctx.c does not ensure that pathnames lack a NUL (%00) sequence, enabling remote attackers to overwrite arbitrary files via crafted input when calling the imagegd, imagegd2, imagegif, imagejpeg, imagepng, imagewbmp, or imagewebp functions. Affected ve...

CVSS 6.4, AI score 7.8, EPSS 0.16934
Exploits: 0, References: 9, Affected Software: 1
Debian CVE
added 2014/08/23 1:0 a.m., 31 views

CVE-2014-5120

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

CVSS 6.4, AI score 7.8, EPSS 0.16934
Exploits: 0