rpm package
suse/gd&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-14553 | — | < 2.1.0-24.17.1 | 2.1.0-24.17.1 | Feb 11, 2020 | gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). | ||
| CVE-2019-11038 | — | < 2.1.0-24.17.1 | 2.1.0-24.17.1 | Jun 18, 2019 | When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value o | ||
| CVE-2019-6978 | — | < 2.1.0-24.12.1 | 2.1.0-24.12.1 | Jan 28, 2019 | The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. | ||
| CVE-2019-6977 | — | < 2.1.0-24.12.1 | 2.1.0-24.12.1 | Jan 27, 2019 | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker | ||
| CVE-2017-7890 | Med | 6.5 | < 2.1.0-24.17.1 | 2.1.0-24.17.1 | Aug 2, 2017 | The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 byte |
- CVE-2018-14553Feb 11, 2020affected < 2.1.0-24.17.1fixed 2.1.0-24.17.1
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
- CVE-2019-11038Jun 18, 2019affected < 2.1.0-24.17.1fixed 2.1.0-24.17.1
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value o
- CVE-2019-6978Jan 28, 2019affected < 2.1.0-24.12.1fixed 2.1.0-24.12.1
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
- CVE-2019-6977Jan 27, 2019affected < 2.1.0-24.12.1fixed 2.1.0-24.12.1
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker
- affected < 2.1.0-24.17.1fixed 2.1.0-24.17.1
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 byte