rpm package

opensuse/gd&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/gd&distro=openSUSE%20Tumbleweed

Vulnerabilities (22)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-14553		—	< 2.3.3-1.1	2.3.3-1.1	Feb 11, 2020	gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
CVE-2019-11038		—	< 2.3.3-1.1	2.3.3-1.1	Jun 18, 2019	When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value o
CVE-2019-6978		—	< 2.3.3-1.1	2.3.3-1.1	Jan 28, 2019	The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
CVE-2019-6977		—	< 2.3.3-1.1	2.3.3-1.1	Jan 27, 2019	gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker
CVE-2018-1000222		—	< 2.3.3-1.1	2.3.3-1.1	Aug 20, 2018	Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed
CVE-2018-5711		—	< 2.3.3-1.1	2.3.3-1.1	Jan 16, 2018	gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatef
CVE-2017-6362	Hig	7.5	< 2.3.3-1.1	2.3.3-1.1	Sep 7, 2017	Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
CVE-2017-7890	Med	6.5	< 2.3.3-1.1	2.3.3-1.1	Aug 2, 2017	The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 byte
CVE-2016-10168	Hig	7.8	< 2.3.3-1.1	2.3.3-1.1	Mar 15, 2017	Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
CVE-2016-10167	Med	5.5	< 2.3.3-1.1	2.3.3-1.1	Mar 15, 2017	The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10166	Cri	9.8	< 2.3.3-1.1	2.3.3-1.1	Mar 15, 2017	Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
CVE-2016-9317	Med	5.5	< 2.3.3-1.1	2.3.3-1.1	Jan 26, 2017	The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.
CVE-2016-6912	Cri	9.8	< 2.3.3-1.1	2.3.3-1.1	Jan 26, 2017	Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
CVE-2016-6905	Med	6.5	< 2.2.3-2.1	2.2.3-2.1	Oct 3, 2016	The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
CVE-2016-6214	Med	6.5	< 2.2.3-2.1	2.2.3-2.1	Aug 12, 2016	gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6207	Med	6.5	< 2.2.3-2.1	2.2.3-2.1	Aug 12, 2016	Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
CVE-2016-6132	Med	6.5	< 2.2.3-2.1	2.2.3-2.1	Aug 12, 2016	The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6128	Hig	7.5	< 2.2.3-2.1	2.2.3-2.1	Aug 7, 2016	The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
CVE-2016-5766	Hig	8.8	< 2.2.3-2.1	2.2.3-2.1	Aug 7, 2016	Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio
CVE-2016-5116	Cri	9.1	< 2.2.3-2.1	2.2.3-2.1	Aug 7, 2016	gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application cra

CVE-2018-14553Feb 11, 2020
affected < 2.3.3-1.1fixed 2.3.3-1.1
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
CVE-2019-11038Jun 18, 2019
affected < 2.3.3-1.1fixed 2.3.3-1.1
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value o
CVE-2019-6978Jan 28, 2019
affected < 2.3.3-1.1fixed 2.3.3-1.1
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
CVE-2019-6977Jan 27, 2019
affected < 2.3.3-1.1fixed 2.3.3-1.1
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker
CVE-2018-1000222Aug 20, 2018
affected < 2.3.3-1.1fixed 2.3.3-1.1
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed
CVE-2018-5711Jan 16, 2018
affected < 2.3.3-1.1fixed 2.3.3-1.1
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatef
CVE-2017-6362HigSep 7, 2017
affected < 2.3.3-1.1fixed 2.3.3-1.1
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
CVE-2017-7890MedAug 2, 2017
affected < 2.3.3-1.1fixed 2.3.3-1.1
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 byte
CVE-2016-10168HigMar 15, 2017
affected < 2.3.3-1.1fixed 2.3.3-1.1
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
CVE-2016-10167MedMar 15, 2017
affected < 2.3.3-1.1fixed 2.3.3-1.1
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10166CriMar 15, 2017
affected < 2.3.3-1.1fixed 2.3.3-1.1
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
CVE-2016-9317MedJan 26, 2017
affected < 2.3.3-1.1fixed 2.3.3-1.1
The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.
CVE-2016-6912CriJan 26, 2017
affected < 2.3.3-1.1fixed 2.3.3-1.1
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
CVE-2016-6905MedOct 3, 2016
affected < 2.2.3-2.1fixed 2.2.3-2.1
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
CVE-2016-6214MedAug 12, 2016
affected < 2.2.3-2.1fixed 2.2.3-2.1
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6207MedAug 12, 2016
affected < 2.2.3-2.1fixed 2.2.3-2.1
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
CVE-2016-6132MedAug 12, 2016
affected < 2.2.3-2.1fixed 2.2.3-2.1
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6128HigAug 7, 2016
affected < 2.2.3-2.1fixed 2.2.3-2.1
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
CVE-2016-5766HigAug 7, 2016
affected < 2.2.3-2.1fixed 2.2.3-2.1
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio
CVE-2016-5116CriAug 7, 2016
affected < 2.2.3-2.1fixed 2.2.3-2.1
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application cra

Page 1 of 2