Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-854-1
HistoryNov 05, 2009 - 12:00 a.m.

GD library vulnerabilities

2009-11-0500:00:00
ubuntu.com
45

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.114 Low

EPSS

Percentile

95.1%

JSON

Releases

  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 6.06

Packages

  • libgd2 -

Details

Tomas Hoger discovered that the GD library did not properly handle the
number of colors in certain malformed GD images. If a user or automated
system were tricked into processing a specially crafted GD image, an
attacker could cause a denial of service or possibly execute arbitrary
code. (CVE-2009-3546)

It was discovered that the GD library did not properly handle incorrect
color indexes. An attacker could send specially crafted input to
applications linked against libgd2 and cause a denial of service or
possibly execute arbitrary code. This issue only affected Ubuntu 6.06 LTS.
(CVE-2009-3293)

It was discovered that the GD library did not properly handle certain
malformed GIF images. If a user or automated system were tricked into
processing a specially crafted GIF image, an attacker could cause a denial
of service. This issue only affected Ubuntu 6.06 LTS. (CVE-2007-3475,
CVE-2007-3476)

It was discovered that the GD library did not properly handle large angle
degree values. An attacker could send specially crafted input to
applications linked against libgd2 and cause a denial of service. This
issue only affected Ubuntu 6.06 LTS. (CVE-2007-3477)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchlibgd2-xpm< 2.0.36~rc1~dfsg-3ubuntu1.9.10.1UNKNOWN
Ubuntu9.10noarchlibgd-tools< 2.0.36~rc1~dfsg-3ubuntu1.9.10.1UNKNOWN
Ubuntu9.10noarchlibgd2-noxpm< 2.0.36~rc1~dfsg-3ubuntu1.9.10.1UNKNOWN
Ubuntu9.10noarchlibgd2-noxpm-dev< 2.0.36~rc1~dfsg-3ubuntu1.9.10.1UNKNOWN
Ubuntu9.10noarchlibgd2-xpm-dev< 2.0.36~rc1~dfsg-3ubuntu1.9.10.1UNKNOWN
Ubuntu9.04noarchlibgd2-xpm< 2.0.36~rc1~dfsg-3ubuntu1.9.04.1UNKNOWN
Ubuntu9.04noarchlibgd-tools< 2.0.36~rc1~dfsg-3ubuntu1.9.04.1UNKNOWN
Ubuntu9.04noarchlibgd2-noxpm< 2.0.36~rc1~dfsg-3ubuntu1.9.04.1UNKNOWN
Ubuntu9.04noarchlibgd2-noxpm-dev< 2.0.36~rc1~dfsg-3ubuntu1.9.04.1UNKNOWN
Ubuntu9.04noarchlibgd2-xpm-dev< 2.0.36~rc1~dfsg-3ubuntu1.9.04.1UNKNOWN
Rows per page:
1-10 of 251

Related

openvas 93
nessus 50
securityvulns 6
freebsd 4
prion 5
cve 5
debiancve 4
ubuntucve 5
fedora 7
debian 3
gentoo 2
f5 2
osv 2
redhat 2
veracode 1
oraclelinux 2
centos 2
slackware 1
amazon 1
seebug 1
archlinux 1
openvas
openvas
Ubuntu USN-854-1 (libgd2)
2009-11-23 00:00:00
Ubuntu: Security Advisory (USN-854-1)
2009-11-23 00:00:00
Mandrake Security Advisory MDVSA-2009:285 (php)
2009-10-27 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : libgd2 vulnerabilities (USN-854-1)
2009-11-06 00:00:00
Mandriva Linux Security Advisory : gd (MDVSA-2009:284-1)
2009-10-22 00:00:00
FreeBSD : gd -- '_gdGetColors' remote buffer overflow vulnerability (4e8344a3-ca52-11de-8ee8-00215c6a37bb)
2009-11-09 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:284 ] gd
2009-10-20 00:00:00
PHP multiple DoS conditions
2007-09-08 00:00:00
[ MDKSA-2007:153 ] - Updated gd packages fix several vulnerabilities
2007-08-05 00:00:00
freebsd
freebsd
gd -- '_gdGetColors' remote buffer overflow vulnerability
2009-10-15 00:00:00
gd -- multiple vulnerabilities
2007-06-21 00:00:00
libwmf -- multiple vulnerabilities
2004-10-12 00:00:00
prion
prion
Buffer overflow
2009-10-19 20:00:00
Design/Logic Flaw
2007-06-28 18:30:00
Code injection
2007-06-28 18:30:00
cve
cve
CVE-2009-3546
2009-10-19 20:00:00
CVE-2007-3476
2007-06-28 18:30:00
CVE-2007-3475
2007-06-28 18:30:00
debiancve
debiancve
CVE-2009-3546
2009-10-19 20:00:00
CVE-2007-3476
2007-06-28 18:30:00
CVE-2007-3475
2007-06-28 18:30:00
ubuntucve
ubuntucve
CVE-2009-3546
2009-10-19 00:00:00
CVE-2007-3475
2007-06-28 00:00:00
CVE-2007-3476
2007-06-28 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: gd-2.0.35-1.fc7
2007-09-07 17:19:34
[SECURITY] Fedora 17 Update: gd-2.0.35-17.fc17
2012-06-30 08:36:08
[SECURITY] Fedora 12 Update: maniadrive-1.2-19.fc12
2009-12-04 23:35:53
debian
debian
[SECURITY] [DSA 1613-1] new libgd2 packages fix multiple vulnerabilities
2008-07-22 07:01:19
[SECURITY] [DSA 1613-1] new libgd2 packages fix multiple vulnerabilities
2008-07-22 07:01:19
[SECURITY] [DSA 1936-1] New libgd2 packages fix several vulnerabilities
2009-11-17 20:52:01
gentoo
gentoo
GD: Multiple vulnerabilities
2007-08-09 00:00:00
GD: User-assisted execution of arbitrary code
2010-06-03 00:00:00
f5
f5
SOL13275 - PHP vulnerability CVE-2009-3293
2011-12-15 00:00:00
K13275 : PHP vulnerability CVE-2009-3293
2013-09-12 00:00:00
osv
osv
libgd2 - multiple vulnerabilities
2008-07-22 00:00:00
libgd2 - several vulnerabilities
2009-11-17 00:00:00
redhat
redhat
(RHSA-2010:0003) Moderate: gd security update
2010-01-04 00:00:00
(RHSA-2008:0146) Moderate: gd security update
2008-02-28 00:00:00
veracode
veracode
Buffer Overflow
2019-06-03 06:31:32
oraclelinux
oraclelinux
gd security update
2010-01-04 00:00:00
Moderate: gd security update
2008-02-28 00:00:00
centos
centos
gd security update
2010-01-04 23:33:40
gd security update
2008-02-28 19:35:25
slackware
slackware
php
2009-10-04 00:01:56
amazon
amazon
Important: libwmf
2015-10-27 13:51:00
seebug
seebug
PHP 5.2.11版本修复多个安全漏洞
2009-09-23 00:00:00
archlinux
archlinux
[ASA-201701-1] libwmf: multiple issues
2017-01-01 00:00:00

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.114 Low

EPSS

Percentile

95.1%

JSON
Related for USN-854-1
openvas93nessus50securityvulns6freebsd4prion5cve5debiancve4ubuntucve5fedora7debian3gentoo2f52osv2redhat2veracode1oraclelinux2centos2slackware1amazon1seebug1archlinux1