Page 2 of 23 results (0.015 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer. La función read_image_tga en gd_tga.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo TGA manipulado, relacionado con el búfer de descompresión. • http://www.debian.org/security/2017/dsa-3777 http://www.securityfocus.com/bid/96503 https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558 https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415 • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. La función gdImageCreateFromGd2Ctx en gd_gd2.c en la GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo de imagen manipulado. A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. • http://libgd.github.io/release-2.2.4.html http://www.debian.org/security/2017/dsa-3777 http://www.openwall.com/lists/oss-security/2017/01/26/1 http://www.openwall.com/lists/oss-security/2017/01/28/6 http://www.securityfocus.com/bid/95869 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2017:3221 https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f https://www.t • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. Desbordamiento de entero en gd_io.c en la GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos tener un impacto no especificado a través de vectores que implican el número de trozos horizontales y verticales en una imagen. An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. • http://libgd.github.io/release-2.2.4.html http://www.debian.org/security/2017/dsa-3777 http://www.openwall.com/lists/oss-security/2017/01/26/1 http://www.openwall.com/lists/oss-security/2017/01/28/6 http://www.securityfocus.com/bid/95869 http://www.securitytracker.com/id/1037659 https://access.redhat.com/errata/RHSA-2017:3221 https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6 https://github • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image. La función gdImageCreate en GD Graphics Library (librería también conocida como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos provocar una denegación de servicio (cuelgue del sistema) a través de una imagen sobredimensionada. • http://www.debian.org/security/2017/dsa-3777 http://www.securityfocus.com/bid/95841 https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md https://github.com/libgd/libgd/commit/1846f48e5fcdde996e7c27a4bbac5d0aef183e4b • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. Vulnerabilidad de liberación doble en la función gdImageWebPtr en la GD Graphics Library (librería libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos tener impacto no especificado a través de valores de anchura y altura grandes. • http://www.debian.org/security/2017/dsa-3777 http://www.securityfocus.com/bid/95843 https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2 • CWE-415: Double Free •