VYPR

Libgd

by Libgd

Source repositories

CVEs (39)

  • CVE-2016-6161MedAug 12, 2016
    risk 0.42cvss 6.5epss 0.03

    The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

  • CVE-2015-8877HigMay 22, 2016
    risk 0.42cvss 7.5epss 0.04

    The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted…

  • CVE-2018-5711MedJan 16, 2018
    risk 0.37cvss 5.5epss 0.13

    gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the…

  • CVE-2016-6906MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.

  • CVE-2016-9317MedJan 26, 2017
    risk 0.36cvss 5.5epss 0.04

    The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.

  • CVE-2016-6911MedJan 26, 2017
    risk 0.36cvss 5.5epss 0.02

    The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

  • CVE-2016-10167MedMar 15, 2017
    risk 0.29cvss 5.5epss 0.04

    The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

  • CVE-2004-0990Mar 1, 2005
    risk 0.05cvss epss 0.28

    Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the…

  • CVE-2007-3473Jun 28, 2007
    risk 0.04cvss epss 0.13

    The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.

  • CVE-2019-6977Jan 27, 2019
    risk 0.03cvss epss 0.65

    gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an…

  • CVE-2014-2497Mar 21, 2014
    risk 0.02cvss epss 0.22

    The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

  • CVE-2014-9709Mar 30, 2015
    risk 0.01cvss epss 0.16

    The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the…

  • CVE-2004-0941Feb 9, 2005
    risk 0.01cvss epss 0.11

    Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than…

  • CVE-2021-40145Aug 26, 2021
    risk 0.00cvss epss 0.02

    gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and…

  • CVE-2017-6363Feb 27, 2020
    risk 0.00cvss epss 0.01

    In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used…

  • CVE-2018-14553Feb 11, 2020
    risk 0.00cvss epss 0.03

    gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

  • CVE-2019-6978Jan 28, 2019
    risk 0.00cvss epss 0.04

    The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

  • CVE-2007-3476Jun 28, 2007
    risk 0.00cvss epss 0.02

    Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

  • CVE-2007-2756May 18, 2007
    risk 0.00cvss epss 0.04

    The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.

Page 2 of 2