42 matches found
Astra Linux - vulnerability in libgd2
In the gd_gd2.c file of the GD Graphics Library also known as LibGD, the function gdImageGd2Ptr has a double-free issue starting from version 2.3. NOTE: The vendor’s stance is that the GD2 image format is a proprietary image format of LibGD. It should be considered obsolete and should only be used...
CLSA-2026-1777541021 gd: Fix of CVE-2021-40145
CVE-2021-40145: Fix a double free in gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library...
MiracleLinux 7 : php-5.4.16-43.el7 (AXSA:2017-2413:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2413:01 advisory. A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to...
gd2.com Improper Access Control vulnerability OBB-3799940
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
K71581599: libgd vulnerability CVE-2016-6161
Security Advisory Description The output function in gdgifout.c in the GD Graphics Library aka libgd allows remote attackers to cause a denial of service out-of-bounds read via a crafted image. CVE-2016-6161 Impact When using PHP to generate GIF images, it is possible for a specially crafted GD2...
OESA-2022-1613 gd security update
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. The most common applications of GD involve website development, although it can be...
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete and should only be used for development and testing purposes.
...
EulerOS 2.0 SP9 : gd (EulerOS-SA-2021-2708)
According to the versions of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - readheadertga in gdtga.c in the GD Graphics Library aka LibGD through 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read v...
Fix of CVE: CVE-2017-6363, CVE-2021-40145
CVE-2021-40145: check for memory allocation errors processing GD2 images - CVE-2017-6363: make sure transparent index is within bounds of the palette...
UBUNTU-CVE-2021-40145
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes...
PT-2021-7338
Name of the Vulnerable Software and Affected Versions GD Graphics Library aka LibGD versions through 2.3.2 Description The issue is related to a double free in the gdImageGd2Ptr function in the gd_gd2.c component of the GD Graphics Library. This can be exploited by a remote attacker to cause a...
gd: Integer overflow in _gd2GetHeader() resulting in heap overflow
An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd vi...
CVE-2017-6363
In the GD Graphics Library aka LibGD through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gdtiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and...
CVE-2016-10168
An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running...
Buffer Overflow
libgd.so is vulnerable to buffer overflow. The attacker can send a malicious gd2 palette image exceeding a maximum color value gdMaxColors in the function gdGetColors to trigger a buffer overrun...
EulerOS Virtualization for ARM 64 3.0.1.0 : php (EulerOS-SA-2019-1402)
According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid inp...
gd: DoS vulnerability in gdImageCreateFromGd2Ctx()
A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service...
gd: Integer overflow in gd_io.c
An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running...