Lucene search

UbuntuUSN-3389-2

HistoryAug 14, 2017 - 12:00 a.m.

GD vulnerability

2017-08-1400:00:00

ubuntu.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.298 Low

EPSS

Percentile

96.9%

JSON

Releases

Ubuntu 12.04

Packages

libgd2 - GD Graphics Library

Details

USN-3389-1 fixed a vulnerability in GD Graphics Library.
This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

A vulnerability was discovered in GD Graphics Library (aka libgd),
as used in PHP that does not zero colorMap arrays before use.
A specially crafted GIF image could use the uninitialized tables to
read bytes from the top of the stack.

OSVersionArchitecturePackageVersionFilename
Ubuntu12.04noarchlibgd-tools< 2.0.36~rc1~dfsg-6ubuntu2.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	12.04	noarch	libgd-tools	< 2.0.36~rc1~dfsg-6ubuntu2.5	UNKNOWN

References

ubuntu.com/security/CVE-2017-7890

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.298 Low

EPSS

Percentile

96.9%

JSON

GD vulnerability

Releases

Packages

Details

References

Related