CVE-2015-8877 – gd: gdImageScaleTwoPass function in gd_interpolation.c uses inconsistent allocate and free approaches
https://notcve.org/view.php?id=CVE-2015-8877
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. La función gdImageScaleTwoPass en gd_interpolation.c en el GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.0, como es utilizado en PHP en versiones anteriores a 5.6.12, usa asignaciones inconsistentes y enfoques libres, lo que permite a atacantes remotos provocar una denegación del servicio (consumo de memoria) a través de una llamada manipulada, según lo demostrado mediante una llamada a la función PHP imagescale. • http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3587 http://www.php.net/ChangeLog-5.php http://www.ubuntu.com/usn/USN-2987-1 https://bugs.php.net/bug.php?id=70064 https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24 https://github.com/libgd/libgd/issues/173 https://access.redhat.com/security/cve/CVE-2015-8877 https://bugzilla.redhat.com/show_bug.cgi?id=1338907 • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2014-9709 – gd: buffer read overflow in gd_gif_in.c
https://notcve.org/view.php?id=CVE-2014-9709
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. La función GetCode_ en gd_gif_in.c en GD 2.1.1 y anteriores, utilizado en PHP anterior a 5.5.21 y 5.6.x anterior a 5.6.5, permite a atacantes remotos causar una denegación de servicio (sobre lectura de buffer y caída de aplicación) a través de una imagen GIF manipulada que es manejada incorrectamente por la función gdImageCreateFromGif. A buffer over-read flaw was found in the GD library. A specially crafted GIF file could cause an application using the gdImageCreateFromGif() function to crash. • http://advisories.mageia.org/MGASA-2015-0040.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html http://rhn.redhat.com/errata/RHS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-2756 – gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
https://notcve.org/view.php?id=CVE-2007-2756
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. La función gdPngReadData del libgd 2.0.34 permite a atacantes con la intervención del usuario provocar una denegación de servicio (agotamiento de CPU) a través de imágenes PNG modificadas con datos truncados, lo que provoca un bucle infinito en la función png_read_info del libpng. • http://bugs.libgd.org/?do=details&task_id=86 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://osvdb.org/35788 http://osvdb.org/36643 http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/25353 http://secunia.com/advisories/25362 http://secunia.com/advisories/25378 http://secunia.com/advisories/25535 http://secunia.com/advisories/25575 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •