Search CVE reports


Toggle filters

1 – 10 of 58 results


CVE-2021-40812

Low priority

Some fixes available 4 of 10

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Not affected Fixed Fixed Fixed Fixed
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-40145

Medium priority
Fixed

** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Fixed Fixed Fixed Fixed
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-38115

Low priority
Fixed

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Fixed Fixed Fixed Fixed
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release Not in release
Show less packages

CVE-2017-6363

Low priority

Some fixes available 4 of 6

** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2...

6 affected packages

libgd2, php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Not affected Not affected Fixed Fixed Fixed
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release Not in release Not in release
php7.4 Not in release Not in release Not affected Not in release Not in release
Show less packages

CVE-2018-14553

Low priority

Some fixes available 14 of 24

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

6 affected packages

doxygen, libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
doxygen Vulnerable Vulnerable Vulnerable Not affected Not affected
libgd2 Fixed Fixed Fixed Fixed Fixed
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2019-11038

Low priority

Some fixes available 3 of 5

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Not affected Fixed Fixed
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not affected
php7.2 Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release
Show less packages

CVE-2019-6978

Low priority
Fixed

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Not affected Fixed Fixed
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not affected
php7.2 Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release
Show less packages

CVE-2019-6977

Medium priority
Fixed

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2018-1000222

Medium priority
Fixed

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double...

4 affected packages

libgd2, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.1 Not in release Not in release
Show less packages

CVE-2018-5711

Low priority

Some fixes available 9 of 10

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF...

4 affected packages

libgd2, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Fixed Fixed Fixed
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not affected
php7.1 Not in release Not in release Not in release
Show less packages