CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40812 – Ubuntu Security Notice USN-7112-1
https://notcve.org/view.php?id=CVE-2021-40812
08 Sep 2021 — The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks. GD Graphics Library (también se conoce como LibGD) versiones hasta 2.3.2, presenta una lectura fuera de límites debido a una falta de ciertas comprobaciones de los valores de retorno de gdGetBuf y gdPutBuf It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a user were tricked into opening... • https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40145 – Ubuntu Security Notice USN-5068-1
https://notcve.org/view.php?id=CVE-2021-40145
26 Aug 2021 — gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes. ** EN DISPUTA ** la función gdImageGd2Ptr en el archivo gd_gd2.c en GD Graphics Library (también se conoce como LibGD) hasta la versión 2.3.2, presenta una doble liberación. NOTA: la posición del proveedor es "The GD2 ... • https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38115
https://notcve.org/view.php?id=CVE-2021-38115
04 Aug 2021 — read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. Una función read_header_tga en el archivo gd_tga.c en GD Graphics Library (también se conoce como LibGD) versiones hasta 2.3.2 permite a atacantes remotos causar una denegación de servicio (lectura fuera de los límites) por medio de un archivo TGA diseñado • https://github.com/libgd/libgd/issues/697 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6363 – Ubuntu Security Notice USN-5068-1
https://notcve.org/view.php?id=CVE-2017-6363
27 Feb 2020 — In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.' ** EN DISPUTA ** En la GD Graphics Library (también se conoce como Libgd) versiones hasta 2.2.5, se presenta una lectura excesiva del búfer en la región heap de la memoria en tiffWriter en el arch... • https://github.com/libgd/libgd/issues/383 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2018-14553 – gd: NULL pointer dereference in gdImageClone
https://notcve.org/view.php?id=CVE-2018-14553
11 Feb 2020 — gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). La función gdImageClone en el archivo gd.c en libgd versiones 2.1.0-rc2 hasta 2.2.5, presenta una desreferencia del puntero NULL que permite a atacantes bloquear una aplicación por medio de una secuencia de llamada de función específica. It was discovered that GD Graphics Libra... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 25EXPL: 5CVE-2019-11038 – Uninitialized read in gdImageCreateFromXbm
https://notcve.org/view.php?id=CVE-2019-11038
18 Jun 2019 — When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. Cuando se usa la función gdImageCreateFromXbm () en la Biblioteca de gráficos GD (también conocida como LibGD) 2.... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2019-6978 – gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c
https://notcve.org/view.php?id=CVE-2019-6978
28 Jan 2019 — The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. La versión 2.25 de GD Graphics Library (también conocido como LibGD) tiene una doble liberación (double free) en las funciones gdImage*Ptr() en gd_gif_out.c, gd_jpeg.c y gd_wbmp.c. NOTA: PHP no se ve afectado. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 8.8EPSS: 58%CPEs: 12EXPL: 3CVE-2019-6977 – PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
https://notcve.org/view.php?id=CVE-2019-6977
27 Jan 2019 — gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. gdImageColorMatch in gd_color_match.c en la versión 2.2.5 de GD Graphics Library (también conocido como LibGD), tal y como se utiliza en la función imagecolormat... • https://packetstorm.news/files/id/152459 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-1000222 – Gentoo Linux Security Advisory 201903-18
https://notcve.org/view.php?id=CVE-2018-1000222
20 Aug 2018 — Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. Libgd 2.2.5 contiene una vulnerabilidad de doble liberación (double free) en la función gdImageBmpPtr que puede resultar en la ejecución remota de código. Este ataque parece... • https://github.com/libgd/libgd/issues/447 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-6362 – Debian Security Advisory 3961-1
https://notcve.org/view.php?id=CVE-2017-6362
05 Sep 2017 — Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Una vulnerabilidad de liberación doble (double free) en la función gdImagePngPtr en libgd2 en versiones anteriores a la 2.2.5 permite que atacantes remotos provoquen una denegación de servicio utilizando vectores relacionados con una paleta sin colores. A double-free vulnerability was discovered in the gdImagePngPtr() function in... • http://www.debian.org/security/2017/dsa-3961 • CWE-415: Double Free •