CVE-2017-6363
Published 2020-02-27
Priority: P4 · 33 · high · 8.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS: 1.27% (66.1st percentile)
In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.3.0-1 (bookworm) | libgd2 2.3.0-1 (bookworm) |
| libgd | libgd | <= 2.2.5 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:P |
| osv | — | 8.1 | HIGH | — |
| vendor_debian | — | 8.1 | HIGH | — |
| vendor_ubuntu | — | 8.1 | HIGH | — |
GHSA
GHSA-pfv9-ff57-j64p · ghsa_unreviewed · 2022-05-24 · MEDIUM · CWE-125
** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"
OSV
libgd2 vulnerabilities · osv · 2021-09-08 · CVSS 8.1 · HIGH
It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files.
An attacker could possibly use this issue to cause a crash or expose sensitive information.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM.
(CVE-2017-6363)
It was discovered that GD Graphics Library incorrectly handled certain TGA files.
An attacker could possibly use this issue to cause a denial of service or expose sensitive information. (CVE-2021-381)
It was discovered that GD Graphics Library incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash.
(CVE-2021-40145)
OSV
CVE-2017-6363 · osv · 2020-02-27 · CVSS 8.1 · HIGH
In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"
Ubuntu
GD library vulnerabilities · vendor_ubuntu · 2021-09-08 · CVSS 8.1 · HIGH (indexed under CVE-2021-40145)
Summary: Several security issues were fixed in GD library.
Instructions: In general, a standard system upda
Debian
CVE-2017-6363 · libgd2 · vendor_debian · 2017 · CVSS 8.1 · HIGH
In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"
Scope: local
bookworm: resolved (fixed in 2.3.0-1)
bullseye: resolved (fixed in 2.3.0-1)
forky: resolved (fixed in 2.3.0-1)
sid: resolved (fixed in 2.3.0-1)
trixie: resolved (fixed in 2.3.0-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.