5 results (0.017 seconds)

CVSS: 4.3EPSS: 17%CPEs: 1EXPL: 0

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. GD Graphics Library (libgd) anterior a 2.0.35 permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio (caída) mediante una imagen GIF que no tiene color global de mapa. • ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz http://bugs.libgd.org/?do=details&task_id=70 http://fedoranews.org/updates/FEDORA-2007-205.shtml http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://secunia.com/advisories/25860 http://secunia.com/advisories/26272 http://secunia.com/advisories/26390 http://secu •

CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 0

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. Error de índice de array en gd_gif_in.c de la librería gráfica GD (libgd) anterior a 2.0.35 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída y corrupción del montículo) mediante valores de índice de color grandes en datos de imagen manipulados, lo cual resulta en un fallo de segmentación. • ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz http://bugs.libgd.org/?do=details&task_id=87 http://fedoranews.org/updates/FEDORA-2007-205.shtml http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://osvdb.org/37741 http://secunia.com/advisories/25860 http://secunia.com/advisories/26272 http://secunia.com/a • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 20%CPEs: 1EXPL: 0

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. Condición de carrera en gdImageStringFTEx (gdft_draw_bitmap) en gdft.c en GD Graphics Library (libgd) anterior a 2.0.35 permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio (caída) mediante vectores no especificados, posiblemente implicando el soporte para fuentes truetype (TTF). • http://bugs.libgd.org/?do=details&task_id=48 http://bugs.php.net/bug.php?id=40578 http://fedoranews.org/updates/FEDORA-2007-205.shtml http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://osvdb.org/37740 http://secunia.com/advisories/25855 http://secunia.com/advisories/26272 http://secunia.com/advisories/26390 http://secunia.com/advisories/26415 http://sec • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 10.0EPSS: 13%CPEs: 14EXPL: 0

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. • http://secunia.com/advisories/13179 http://secunia.com/advisories/18686 http://secunia.com/advisories/20824 http://secunia.com/advisories/21050 http://www.ciac.org/ciac/bulletins/p-071.shtml http://www.debian.org/security/2004/dsa-601 http://www.mandriva.com/security/advisories?name=MDKSA-2006:113 http://www.mandriva.com/security/advisories?name=MDKSA-2006:114 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 http://www.redhat.com/support/errata/RHSA-2004-638 •

CVSS: 10.0EPSS: 21%CPEs: 25EXPL: 1

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. • https://www.exploit-db.com/exploits/600 http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://marc.info/?l=bugtraq&m=109882489302099&w=2 http://secunia.com/advisories/18717 http://secunia.com/advisories/20824 http://secunia.com/advisories/20866 http://secunia.com/advisories/21050 http://secunia.com/advisories/23783 http://www.ciac.org/ciac/bulletins/p-071.shtml http://www.debian.org/security/2004/dsa-589 http://www.debian.org/security&#x •