Libgd

Libgd

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-40812

  • EPSS 0.14%
  • Veröffentlicht 08.09.2021 21:15:14
  • Zuletzt bearbeitet 21.11.2024 06:24:49

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

7.5

CVE-2021-40145

Exploit
  • EPSS 0.59%
  • Veröffentlicht 26.08.2021 01:15:11
  • Zuletzt bearbeitet 21.11.2024 06:23:39

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be...

6.5

CVE-2021-38115

Exploit
  • EPSS 0.21%
  • Veröffentlicht 04.08.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:16:25

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

8.1

CVE-2017-6363

Exploit
  • EPSS 0.38%
  • Veröffentlicht 27.02.2020 05:15:11
  • Zuletzt bearbeitet 21.11.2024 03:29:38

In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolet...

7.5

CVE-2018-14553

  • EPSS 0.75%
  • Veröffentlicht 11.02.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 03:49:18

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

5.3

CVE-2019-11038

Exploit
  • EPSS 8.29%
  • Veröffentlicht 19.06.2019 00:15:12
  • Zuletzt bearbeitet 21.11.2024 04:20:25

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause t...

9.8

CVE-2019-6978

  • EPSS 3.51%
  • Veröffentlicht 28.01.2019 08:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:21

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

8.8

CVE-2019-6977

Exploit
  • EPSS 89.15%
  • Veröffentlicht 27.01.2019 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:20

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This c...

8.8

CVE-2018-1000222

  • EPSS 2.29%
  • Veröffentlicht 20.08.2018 20:29:01
  • Zuletzt bearbeitet 21.11.2024 03:39:58

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerabil...

7.5

CVE-2017-6362

  • EPSS 2.14%
  • Veröffentlicht 07.09.2017 13:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.