14 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-5018

Malware in sbrugna...

6.4 CVSS, 8.5 AI score, 0.08774 EPSS
Exploits 0, References 17
OSV
added 2021/09/27 2:37 p.m., 1 views

OPENSUSE-SU-2021:3236-1 Security update for gd

This update for gd fixes the following issues: - CVE-2021-40812: Fixed out-of-bounds read caused by the lack of certain gdGetBuf and gdPutBuf return value checks (bsc#1190400)...

6.5 CVSS, 6.4 AI score, 0.00139 EPSS
Exploits 0, References 3
Veracode
added 2019/05/02 5:4 a.m., 16 views

Authorization Bypass

php54-php is vulnerable to authorization bypass. The vulnerability exists in gdctx.c in the GD component...

6.4 CVSS, 6.9 AI score, 0.08774 EPSS
Exploits 0, References 11, Affected Software 2
OSV
added 2019/01/18 10:19 p.m., 2 views

MGASA-2019-0042 Updated php packages fix security vulnerabilities

Several buffer overflows in the components GD, MBString, Phar and XMLRPC were discovered and fixed...

7.4 AI score
Exploits 0, References 14
CNVD
added 2016/05/17 12:0 a.m., 1 views

PHP GD Component Denial of Service Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. GD is one of its graphics extension library components. A denial of service vulnerability exists in the GD componen...

7.5 CVSS, 8.3 AI score, 0.04079 EPSS
Exploits 1, References 1
F5 Networks
added 2014/10/30 12:0 a.m., 242 views

SOL15761 - Multiple PHP 5.x vulnerabilities

CVE-2014-2497 The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. CVE-2014-3597 Multiple buffer overflows in the...

6.8 CVSS, 5.6 AI score, 0.30666 EPSS
Exploits 3, References 3
Tenable Nessus
added 2014/10/12 12:0 a.m., 39 views

Amazon Linux AMI : php55 (ALAS-2014-415)

A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. gdctx.c in the GD component in PHP 5.4.x befo...

6.5 CVSS, 7.1 AI score, 0.30214 EPSS
Exploits 5, References 5
Amazon
added 2014/09/18 12:0 a.m., 50 views

Medium: php55

Issue Overview: A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. gdctx.c in the GD component i...

6.5 CVSS, 7.8 AI score, 0.30214 EPSS
Exploits 5
Tenable Nessus
added 2014/09/12 12:0 a.m., 38 views

Mandriva Linux Security Advisory : php (MDVSA-2014:172)

Multiple vulnerabilities have been discovered and corrected in php: The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM fil...

6.8 CVSS, 8 AI score, 0.33041 EPSS
Exploits 7, References 6
NVD
added 2014/08/23 1:55 a.m., 15 views

CVE-2014-5120

gdctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

6.4 CVSS, 7.2 AI score, 0.08774 EPSS
Exploits 0, References 9
UbuntuCve
added 2014/08/23 1:55 a.m., 35 views

CVE-2014-5120

gdctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

6.4 CVSS, 7.2 AI score, 0.08774 EPSS
Exploits 0, References 4
Cvelist
added 2014/08/23 1:0 a.m., 20 views

CVE-2014-5120

gdctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

7.4 AI score, 0.08774 EPSS
Exploits 0, References 9
CVE
added 2014/08/23 1:0 a.m., 202 views

CVE-2014-5120

CVE-2014-5120 affects the PHP GD extension. gd_ctx.c does not ensure that pathnames lack a NUL (%00) sequence, enabling remote attackers to overwrite arbitrary files via crafted input when calling the imagegd, imagegd2, imagegif, imagejpeg, imagepng, imagewbmp, or imagewebp functions. Affected ve...

6.4 CVSS, 7.8 AI score, 0.08774 EPSS
Exploits 0, References 9, Affected Software 1
Debian CVE
added 2014/08/23 1:0 a.m., 30 views

CVE-2014-5120

gdctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

6.4 CVSS, 7.8 AI score, 0.08774 EPSS
Exploits 0