cbcvebase.

Debian Libgd2 vulnerabilities

53 known vulnerabilities affecting debian/libgd2.

Total CVEs
53
CISA KEV
0
Public exploits
6
Exploited in wild
0
Severity breakdown
CRITICAL9HIGH11MEDIUM18LOW15

Vulnerabilities

Page 1 of 3
CVE-2019-6977P2HIGHCVSS 8.8PoCfixed in libgd2 2.2.5-5.1 (bookworm)2019
CVE-2019-6977 [HIGH] CVE-2019-6977: libgd2 - gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2... gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. Scope: local bookwor
debian
CVE-2016-3074P2CRITICALCVSS 9.8PoCfixed in libgd2 2.1.1-4.1 (bookworm)2016
CVE-2016-3074 [CRITICAL] CVE-2016-3074: libgd2 - Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allo... Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 2.1.1-4.1) bullseye: resolved (fixed in 2.1.1-4.1) forky: resolved (fixe
debian
CVE-2004-0990P3CRITICALCVSS 10.0PoCfixed in libgd2 2.0.30-1 (bookworm)2004
CVE-2004-0990 [CRITICAL] CVE-2004-0990: libgd2 - Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly othe... Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
debian
CVE-2007-1001P3MEDIUMCVSS 6.8PoCfixed in libgd2 2.0.33-1 (bookworm)2007
CVE-2007-1001 [MEDIUM] CVE-2007-1001: libgd2 - Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in w... Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values. Scope: local bookworm: resolved (fixed in 2.0.33-1) bullseye: resolved (fixed
debian
CVE-2018-1000222P3LOWCVSS 8.8fixed in libgd2 2.2.5-4.1 (bookworm)2018
CVE-2018-1000222 [HIGH] CVE-2018-1000222: libgd2 - Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImag... Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. Scope: local bookworm: res
debian
CVE-2016-10166P3CRITICALCVSS 9.8fixed in libgd2 2.2.4-1 (bookworm)2016
CVE-2016-10166 [CRITICAL] CVE-2016-10166: libgd2 - Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in... Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. Scope: local bookworm: resolved (fixed in 2.2.4-1) bullseye: resolved (fixed in 2.2.4-1) forky: resolved (fixed in 2.2.4-1) sid: res
debian
CVE-2006-2906P4LOWCVSS 5.4PoCfixed in libgd2 2.0.33-5 (bookworm)2006
CVE-2006-2906 [MEDIUM] CVE-2006-2906: libgd2 - The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell g... The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. Scope: local bookworm: resolved (fixed in 2.0.33-5) bullseye: resolved (fixed in 2.0.33-5) forky: resolved (fixed in 2.0
debian
CVE-2016-7568P3CRITICALCVSS 9.8fixed in libgd2 2.2.3-87-gd0fec80-1 (bookworm)2016
CVE-2016-7568 [CRITICAL] CVE-2016-7568: libgd2 - Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics ... Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls. Scope: local bookworm: resolved (fixed in 2.2.3-87-
debian
CVE-2016-5766P3HIGHCVSS 8.8fixed in libgd2 2.2.2-29-g3c2b605-1 (bookworm)2016
CVE-2016-5766 [HIGH] CVE-2016-5766: libgd2 - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Li... Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image
debian
CVE-2019-6978P3CRITICALCVSS 9.8fixed in libgd2 2.2.5-5.1 (bookworm)2019
CVE-2019-6978 [CRITICAL] CVE-2019-6978: libgd2 - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr()... The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. Scope: local bookworm: resolved (fixed in 2.2.5-5.1) bullseye: resolved (fixed in 2.2.5-5.1) forky: resolved (fixed in 2.2.5-5.1) sid: resolved (fixed in 2.2.5-5.1) trixie: resolved (fixed in 2.2.5-5.1)
debian
CVE-2016-5767P3HIGHCVSS 8.8fixed in libgd2 2.0.34~rc1-1 (bookworm)2016
CVE-2016-5767 [HIGH] CVE-2016-5767: libgd2 - Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Librar... Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. Scope: l
debian
CVE-2016-8670P3CRITICALCVSS 9.8fixed in libgd2 2.2.3-87-gd0fec80-1 (bookworm)2016
CVE-2016-8670 [CRITICAL] CVE-2016-8670: libgd2 - Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD G... Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call. Scope: local bookworm: re
debian
CVE-2016-6912P3CRITICALCVSS 9.8fixed in libgd2 2.2.4-1 (bookworm)2016
CVE-2016-6912 [CRITICAL] CVE-2016-6912: libgd2 - Double free vulnerability in the gdImageWebPtr function in the GD Graphics Libra... Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. Scope: local bookworm: resolved (fixed in 2.2.4-1) bullseye: resolved (fixed in 2.2.4-1) forky: resolved (fixed in 2.2.4-1) sid: resolved (fixed in 2.2.4-1) trixie: resolved
debian
CVE-2004-0941P3CRITICALCVSS 10.0fixed in libgd2 2.0.33-1.1 (bookworm)2004
CVE-2004-0941 [CRITICAL] CVE-2004-0941: libgd2 - Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier ... Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. Scope: local bookworm: resolved (fixed in 2.0.33-1.1) bullseye: resolved (fixe
debian
CVE-2009-3546P3MEDIUMCVSS 7.5fixed in libgd2 2.0.36~rc1~dfsg-3.1 (bookworm)2009
CVE-2009-3546 [HIGH] CVE-2009-3546: libgd2 - The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and t... The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtaine
debian
CVE-2016-5116P3CRITICALCVSS 9.1fixed in libgd2 2.2.1-1 (bookworm)2016
CVE-2016-5116 [CRITICAL] CVE-2016-5116: libgd2 - gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain... gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. Scope: local bookworm: resolved (fixed in 2.2.1-1) bullseye: resol
debian
CVE-2016-9933P3HIGHCVSS 7.5fixed in libgd2 2.2.2-29-g3c2b605-1 (bookworm)2016
CVE-2016-9933 [HIGH] CVE-2016-9933: libgd2 - Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in t... Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. Scope: local bookworm: resolve
debian
CVE-2007-0455P3LOWCVSS 7.5fixed in libgd2 2.0.35.dfsg-1 (bookworm)2007
CVE-2007-0455 [HIGH] CVE-2007-0455: libgd2 - Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Libra... Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Scope: local bookworm: resolved (fixed in 2.0.35.dfsg-1) bullseye: resolved (fixed in 2.0.35.dfsg-1) forky: resolv
debian
CVE-2015-8874P3HIGHCVSS 7.5fixed in libgd2 2.2.1-1 (bookworm)2015
CVE-2015-8874 [HIGH] CVE-2015-8874: libgd2 - Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attacke... Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. Scope: local bookworm: resolved (fixed in 2.2.1-1) bullseye: resolved (fixed in 2.2.1-1) forky: resolved (fixed in 2.2.1-1) sid: resolved (fixed in 2.2.1-1) trixie: resolved (fixed in 2.2.1-1)
debian
CVE-2007-3473P4LOWCVSS 4.3PoCfixed in libgd2 2.0.35.dfsg-1 (bookworm)2007
CVE-2007-3473 [MEDIUM] CVE-2007-3473: libgd2 - The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 a... The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. Scope: local bookworm: resolved (fixed in 2.0.35.dfsg-1) bullseye: resolved (fixed in 2.0.35.dfsg-1) forky: resolved (fixed in 2.0.35.dfsg-1) sid: resolved
debian
Debian Libgd2 vulnerabilities | cvebase