CVSS: 7.5EPSS: 13%CPEs: 9EXPL: 0CVE-2016-6128 – gd: Invalid color index not properly handled
https://notcve.org/view.php?id=CVE-2016-6128
11 Jul 2016 — The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. La función gdImageCropThreshold en gd_crop.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.3, como se utiliza en PHP en versiones anteriores a 7.0.9, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a trav... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6161 – Debian Security Advisory 3619-1
https://notcve.org/view.php?id=CVE-2016-6161
11 Jul 2016 — The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. La función de salida en gd_gif_out.c en GD Graphics Library (también conocida como libgd) permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites) a través de una imagen manipulada. It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possi... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 15%CPEs: 62EXPL: 2CVE-2016-5766 – gd: Integer overflow in _gd2GetHeader() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5766
26 Jun 2016 — Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. Desbordamiento de entero en la función _gd2GetHeader en gd_gd2.c en la GD Graphics Library (también conocido como libgd) en versiones anter... • http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 3%CPEs: 41EXPL: 0CVE-2016-5767 – gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5767
26 Jun 2016 — Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. Desbordamiento de entero en la función gdImageCreate en gd.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.0.34... • http://github.com/php/php-src/commit/c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6?w=1 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.6EPSS: 2%CPEs: 39EXPL: 1CVE-2013-7456 – gd: incorrect boundary adjustment in _gdContributionsCalc
https://notcve.org/view.php?id=CVE-2013-7456
27 May 2016 — gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function. gd_interpolation.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.1.1, tal como se usa en PHP en versiones anteriores 5.5.36, 5.6.x en versiones an... • http://php.net/ChangeLog-5.php • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 1CVE-2015-8877 – gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches
https://notcve.org/view.php?id=CVE-2015-8877
22 May 2016 — The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. La función gdImageScaleTwoPass en gd_interpolation.c en el GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.0, como es utilizado en PHP e... • http://rhn.redhat.com/errata/RHSA-2016-2750.html • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.8EPSS: 54%CPEs: 13EXPL: 5CVE-2016-3074 – libgd 2.1.1 - Signedness Heap Overflow
https://notcve.org/view.php?id=CVE-2016-3074
21 Apr 2016 — Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. Error de entero sin signo en GD Graphics Library 2.1.1 (también conocida como libgd o libgd2) permite a atacantes remotos provocar una denegación de servicio (caída) o potencialmente ejecutar código arbitrario a través de datos gd2 comprimidos manipulados, lo... • https://packetstorm.news/files/id/140537 • CWE-122: Heap-based Buffer Overflow CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.8EPSS: 14%CPEs: 12EXPL: 1CVE-2014-9709 – gd: buffer read overflow in gd_gif_in.c
https://notcve.org/view.php?id=CVE-2014-9709
30 Mar 2015 — The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. La función GetCode_ en gd_gif_in.c en GD 2.1.1 y anteriores, utilizado en PHP anterior a 5.5.21 y 5.6.x anterior a 5.6.5, permite a atacantes remotos causar una denegación de servicio (sobre lectura de buffer y caí... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 6%CPEs: 1EXPL: 0CVE-2007-2756 – gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
https://notcve.org/view.php?id=CVE-2007-2756
18 May 2007 — The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. La función gdPngReadData del libgd 2.0.34 permite a atacantes con la intervención del usuario provocar una denegación de servicio (agotamiento de CPU) a través de imágenes PNG modificadas con datos truncados, lo que provoca un bucle infinito en la función png_read_info del l... • http://bugs.libgd.org/?do=details&task_id=86 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •