485 matches found
RHEL 5 : gd,_php (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gd, php: Stack based buffer overflow in dynamicGetbuf CVE-2016-8670 - The dynamicGetbuf function in the G...
Debian dla-3781 : libgd-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3781 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3781-1 [email protected]...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2019-6978, CVE-2019-6977)
Summary The following vulnerabilities in PHP have been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2019-6978 DESCRIPTION: The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c...
Rocky Linux 8 : gd (RLSA-2020:4659)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4659 advisory. - gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific functio...
Ubuntu 16.04 LTS / 18.04 LTS : GD Graphics Library vulnerabilities (USN-4316-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4316-1 advisory. It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphi...
Moderate Photon OS Security Update - PHSA-2023-4.0-0438
Updates of 'libgd' packages of Photon OS have been released...
Moderate Photon OS Security Update - PHSA-2023-3.0-0612
Updates of 'libgd' packages of Photon OS have been released...
Amazon Linux AMI : gd (ALAS-2023-1721)
The version of gd installed on the remote host is prior to 2.0.35-11.11. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1721 advisory. DISPUTED gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position ...
K21336065: GD Graphics Library vulnerability CVE-2016-8670
Security Advisory Description Integer signedness error in the dynamicGetbuf function in gdiodp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service stack-based buffer overflow or possibly hav...
K71581599: libgd vulnerability CVE-2016-6161
Security Advisory Description The output function in gdgifout.c in the GD Graphics Library aka libgd allows remote attackers to cause a denial of service out-of-bounds read via a crafted image. CVE-2016-6161 Impact When using PHP to generate GIF images, it is possible for a specially crafted GD2...
K43267483: PHP vulnerability CVE-2016-5766
Security Advisory Description Integer overflow in the gd2GetHeader function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service heap-based buffer overflow and...
K43223005: PHP vulnerability CVE-2018-5711
Security Advisory Description gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the...
K38016814: PHP and libgd vulnerabilities CVE-2016-5116, CVE-2016-6128, CVE-2016-6132, and CVE-2016-6214
Security Advisory Description CVE-2016-5116 gdxbm.c in the GD Graphics Library aka libgd before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service stack-based buffer...
K31542650: PHP and libGD vulnerability CVE-2016-7568
Security Advisory Description Integer overflow in the gdImageWebpCtx function in gdwebp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact vi...
K23731034: PHP & libGD vulnerability CVE-2016-10167
Security Advisory Description The gdImageCreateFromGd2Ctx function in gdgd2.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to cause a denial of service application crash via a crafted image file. CVE-2016-10167 Impact There is no impact; F5 products are not affected b...
K01709026: PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226
Security Advisory Description CVE-2017-7890 The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized...
SUSE CVE-2007-2756
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...
SUSE CVE-2007-3474
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library libgd before 2.0.35 have unspecified impact and user-assisted remote attack vectors...
SUSE CVE-2007-3996
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a large 1 srcW or 2 srcH value to the a gdImageCopyResized function, or a large 3 sy height or 4 sx width value to the b...
SUSE CVE-2015-8877
The gdImageScaleTwoPass function in gdinterpolation.c in the GD Graphics Library aka libgd before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service memory consumption via a crafted call, as demonstrated ...