Unity Linux 20.1070e Security Update: gd (UTSA-2026-016717)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016717 advisory. gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is The GD2 image format is a proprietary...

Linux Distros Unpatched Vulnerability : CVE-2019-11038

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2...

CVE-2025-54418

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing imagick as the image library and either allow file uploads with user-controlled filenames and process...

SUSE CVE-2007-0455

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted string with a JIS encoded font...

SUSE CVE-2007-1376

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as...

SUSE CVE-2007-3473

The gdImageCreateXbm function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to cause a denial of service crash via unspecified vectors involving a gdImageCreate failure...

SUSE CVE-2013-7226

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer...

SUSE CVE-2013-7328

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service application crash or obtain sensitive information via an imagecrop function call with a negative value for the 1 x or 2 y dimension, a...

SUSE CVE-2013-7327

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return...

SUSE CVE-2015-8877

The gdImageScaleTwoPass function in gdinterpolation.c in the GD Graphics Library aka libgd before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service memory consumption via a crafted call, as demonstrated ...

SUSE CVE-2016-1903

The gdImageRotateInterpolated function in ext/gd/libgd/gdinterpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service out-of-bounds read and application crash via a large bgdcolor argument to t...

SUSE CVE-2018-14553

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd not bundled...

SUSE CVE-2018-1000222

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit...

AZL-6432 CVE-2021-40145 affecting package gd for versions less than 2.3.0-5

gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes...

gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c

The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected...

Arbitrary Code Execution

gd is vulnerable to arbitrary code execution. The vulnerability exists through a double free issue in the gdImagePtr in gdgifout.c, gdjpeg.c, and gdwbmp.c which allows an attacker to inject arbitrary codes into the system...

Fedora 29 : php (2019-8c4b25b5ec)

"PHP version 7.2.19 30 May 2019 EXIF: - Fixed bug php77988 heap-buffer-overflow on phpjpgget16. CVE-2019-11040 Stas FPM: - Fixed bug php77934 php-fpm kill -USR2 not working. Jakub Zelenka - Fixed bug php77921 static.php.net doesn't work anymore. Peter Kokot GD: - Fixed bug php77943...

ALPINE-CVE-2019-6978

The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c. NOTE: PHP is unaffected...

Fedora 28 : php (2018-b13b720a3d)

PHP version 7.2.4 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...

Debian DLA-1593-1 : phpbb3 security update

Simon Scannell and Robin Peraglie of RIPS Technologies discovered that passing an absolute path to a fileexists check in phpBB, a full featured web forum, allows remote code execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel...