VYPR

GD Graphics Library

by Libgd

Source repositories

CVEs (23)

  • CVE-2016-6912CriJan 26, 2017
    risk 0.64cvss 9.8epss 0.04

    Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

  • CVE-2016-8670CriJan 4, 2017
    risk 0.64cvss 9.8epss 0.05

    Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have…

  • CVE-2016-7568CriSep 28, 2016
    risk 0.64cvss 9.8epss 0.05

    Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via…

  • CVE-2016-10166CriMar 15, 2017
    risk 0.58cvss 9.8epss 0.11

    Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.

  • CVE-2016-9933HigJan 4, 2017
    risk 0.49cvss 7.5epss 0.07

    Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted…

  • CVE-2016-10168HigMar 15, 2017
    risk 0.44cvss 7.8epss 0.04

    Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

  • CVE-2016-6905MedOct 3, 2016
    risk 0.42cvss 6.5epss 0.03

    The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.

  • CVE-2016-6906MedMar 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.

  • CVE-2016-9317MedJan 26, 2017
    risk 0.36cvss 5.5epss 0.04

    The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.

  • CVE-2016-6911MedJan 26, 2017
    risk 0.36cvss 5.5epss 0.02

    The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

  • CVE-2016-10167MedMar 15, 2017
    risk 0.29cvss 5.5epss 0.04

    The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

  • CVE-2007-3473Jun 28, 2007
    risk 0.04cvss epss 0.13

    The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.

  • CVE-2019-11038Jun 18, 2019
    risk 0.01cvss epss 0.04

    When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value…

  • CVE-2009-3546Oct 19, 2009
    risk 0.01cvss epss 0.10

    The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD…

  • CVE-2007-3472Jun 28, 2007
    risk 0.01cvss epss 0.07

    Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

  • CVE-2007-0455Jan 30, 2007
    risk 0.01cvss epss 0.12

    Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

  • CVE-2021-40812Sep 8, 2021
    risk 0.00cvss epss 0.02

    The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

  • CVE-2021-38115Aug 4, 2021
    risk 0.00cvss epss 0.02

    read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

  • CVE-2019-6978Jan 28, 2019
    risk 0.00cvss epss 0.04

    The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

  • CVE-2007-3475Jun 28, 2007
    risk 0.00cvss epss 0.02

    The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.

Page 1 of 2