rpm package
suse/gd&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-6978 | — | < 2.1.0-24.12.1 | 2.1.0-24.12.1 | Jan 28, 2019 | The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. | ||
| CVE-2019-6977 | — | < 2.1.0-24.12.1 | 2.1.0-24.12.1 | Jan 27, 2019 | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker | ||
| CVE-2018-1000222 | — | < 2.1.0-24.9.1 | 2.1.0-24.9.1 | Aug 20, 2018 | Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed | ||
| CVE-2018-5711 | — | < 2.1.0-24.6.1 | 2.1.0-24.6.1 | Jan 16, 2018 | gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatef | ||
| CVE-2017-6362 | Hig | 7.5 | < 2.1.0-24.3.4 | 2.1.0-24.3.4 | Sep 7, 2017 | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. |
- CVE-2019-6978Jan 28, 2019affected < 2.1.0-24.12.1fixed 2.1.0-24.12.1
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
- CVE-2019-6977Jan 27, 2019affected < 2.1.0-24.12.1fixed 2.1.0-24.12.1
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker
- CVE-2018-1000222Aug 20, 2018affected < 2.1.0-24.9.1fixed 2.1.0-24.9.1
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed
- CVE-2018-5711Jan 16, 2018affected < 2.1.0-24.6.1fixed 2.1.0-24.6.1
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatef
- affected < 2.1.0-24.3.4fixed 2.1.0-24.3.4
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.