Page 2 of 29 results (0.020 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-6906

https://notcve.org/view.php?id=CVE-2016-6906

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer. La función read_image_tga en gd_tga.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo TGA manipulado, relacionado con el búfer de descompresión. • http://www.debian.org/security/2017/dsa-3777 http://www.securityfocus.com/bid/96503 https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558 https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2016-10166 – gd: Unsigned integer underflow _gdContributionsAlloc()

https://notcve.org/view.php?id=CVE-2016-10166

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. Desbordamiento inferior de entero en la función _gdContributionsAlloc en gd_interpolation.c en la GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos tener un impacto no especificado a través de vectores relacionados con el decremento de la variable u. • http://libgd.github.io/release-2.2.4.html http://www.debian.org/security/2017/dsa-3777 http://www.openwall.com/lists/oss-security/2017/01/26/1 http://www.openwall.com/lists/oss-security/2017/01/28/6 http://www.securityfocus.com/bid/95869 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35 https://access.redhat.com/security/cve/CVE-2016-10166 https& • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2016-10167 – gd: DoS vulnerability in gdImageCreateFromGd2Ctx()

https://notcve.org/view.php?id=CVE-2016-10167

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. La función gdImageCreateFromGd2Ctx en gd_gd2.c en la GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo de imagen manipulado. A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. • http://libgd.github.io/release-2.2.4.html http://www.debian.org/security/2017/dsa-3777 http://www.openwall.com/lists/oss-security/2017/01/26/1 http://www.openwall.com/lists/oss-security/2017/01/28/6 http://www.securityfocus.com/bid/95869 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2017:3221 https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f https://www.t • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10168 – gd: Integer overflow in gd_io.c

https://notcve.org/view.php?id=CVE-2016-10168

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. Desbordamiento de entero en gd_io.c en la GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos tener un impacto no especificado a través de vectores que implican el número de trozos horizontales y verticales en una imagen. An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. • http://libgd.github.io/release-2.2.4.html http://www.debian.org/security/2017/dsa-3777 http://www.openwall.com/lists/oss-security/2017/01/26/1 http://www.openwall.com/lists/oss-security/2017/01/28/6 http://www.securityfocus.com/bid/95869 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2017:3221 https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6 https://github • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-6912

https://notcve.org/view.php?id=CVE-2016-6912

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. Vulnerabilidad de liberación doble en la función gdImageWebPtr en la GD Graphics Library (librería libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos tener impacto no especificado a través de valores de anchura y altura grandes. • http://www.debian.org/security/2017/dsa-3777 http://www.securityfocus.com/bid/95843 https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2 • CWE-415: Double Free •