Lucene search

K
ubuntuUbuntuUSN-4316-2
HistoryApr 02, 2020 - 12:00 a.m.

GD Graphics Library vulnerabilities

2020-04-0200:00:00
ubuntu.com
62

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.013

Percentile

86.0%

Releases

  • Ubuntu 14.04 ESM

Packages

  • libgd2 - Open source code library for the dynamic creation of images

Details

USN-4316-1 fixed a vulnerability in GD Graphics Library. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that GD Graphics Library incorrectly handled cloning an
image. An attacker could possibly use this issue to cause GD Graphics Library
to crash, resulting in a denial of service. (CVE-2018-14553)

It was discovered that GD Graphics Library incorrectly handled loading images
from X bitmap format files. An attacker could possibly use this issue to cause
GD Graphics Library to crash, resulting in a denial of service, or to disclose
contents of the stack that has been left there by previous code. (CVE-2019-11038)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchlibgd3< 2.1.0-3ubuntu0.11+esm1UNKNOWN
Ubuntu14.04noarchlibgd-dbg< 2.1.0-3ubuntu0.11UNKNOWN
Ubuntu14.04noarchlibgd-dev< 2.1.0-3ubuntu0.11UNKNOWN
Ubuntu14.04noarchlibgd-tools< 2.1.0-3ubuntu0.11UNKNOWN
Ubuntu14.04noarchlibgd-tools-dbgsym< 2.1.0-3ubuntu0.11UNKNOWN
Ubuntu14.04noarchlibgd3< 2.1.0-3ubuntu0.11UNKNOWN
Ubuntu14.04noarchlibgd3-dbgsym< 2.1.0-3ubuntu0.11UNKNOWN
Ubuntu14.04noarchlibgd-tools< 2.1.0-3ubuntu0.11+esm1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.013

Percentile

86.0%