CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6161 – Debian Security Advisory 3619-1
https://notcve.org/view.php?id=CVE-2016-6161
11 Jul 2016 — The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. La función de salida en gd_gif_out.c en GD Graphics Library (también conocida como libgd) permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites) a través de una imagen manipulada. It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possi... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 1CVE-2015-8877 – gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches
https://notcve.org/view.php?id=CVE-2015-8877
22 May 2016 — The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. La función gdImageScaleTwoPass en gd_interpolation.c en el GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.0, como es utilizado en PHP e... • http://rhn.redhat.com/errata/RHSA-2016-2750.html • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.8EPSS: 55%CPEs: 13EXPL: 5CVE-2016-3074 – libgd 2.1.1 - Signedness Heap Overflow
https://notcve.org/view.php?id=CVE-2016-3074
21 Apr 2016 — Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. Error de entero sin signo en GD Graphics Library 2.1.1 (también conocida como libgd o libgd2) permite a atacantes remotos provocar una denegación de servicio (caída) o potencialmente ejecutar código arbitrario a través de datos gd2 comprimidos manipulados, lo... • https://packetstorm.news/files/id/140537 • CWE-122: Heap-based Buffer Overflow CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.8EPSS: 14%CPEs: 12EXPL: 1CVE-2014-9709 – gd: buffer read overflow in gd_gif_in.c
https://notcve.org/view.php?id=CVE-2014-9709
30 Mar 2015 — The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. La función GetCode_ en gd_gif_in.c en GD 2.1.1 y anteriores, utilizado en PHP anterior a 5.5.21 y 5.6.x anterior a 5.6.5, permite a atacantes remotos causar una denegación de servicio (sobre lectura de buffer y caí... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •