Vulnerabilities > Libgd

DATE CVE VULNERABILITY TITLE RISK
2020-02-27 CVE-2017-6363 Out-Of-Bounds Read vulnerability in Libgd
** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c.
network
libgd CWE-125
5.8
2020-02-11 CVE-2018-14553 Null Pointer Dereference vulnerability in Libgd
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence.
network
low complexity
libgd CWE-476
5.0
2019-06-19 CVE-2019-11038 Use of Uninitialized Resource vulnerability in multiple products
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of an uninitialized variable.
5.0
2019-01-28 CVE-2019-6978 Double Free vulnerability in multiple products
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.
network
low complexity
libgd debian canonical CWE-415
7.5
2019-01-27 CVE-2019-6977 Out-Of-Bounds Write vulnerability in multiple products
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow.
6.8
2018-08-20 CVE-2018-1000222 Double Free vulnerability in multiple products
Libgd version 2.2.5 contains a double free vulnerability in the gdImageBmpPtr function that can result in remote code execution.
6.8
2017-09-07 CVE-2017-6362 Double Free vulnerability in multiple products
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
network
low complexity
libgd debian fedoraproject canonical CWE-415
5.0
2017-03-15 CVE-2016-10168 Integer Overflow or Wraparound vulnerability in Libgd
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
network
libgd CWE-190
6.8
2017-03-15 CVE-2016-10167 Improper Input Validation vulnerability in Libgd
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
network
libgd CWE-20
4.3
2017-03-15 CVE-2016-10166 Integer Underflow (Wrap or Wraparound) vulnerability in Libgd
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
network
low complexity
libgd CWE-191
7.5