Debian Libgd2 vulnerabilities

CVE-2021-40812 [MEDIUM] CVE-2021-40812: libgd2 - The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read beca... The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks. Scope: local bookworm: resolved (fixed in 2.3.3-1) bullseye: resolved (fixed in 2.3.0-2+deb11u1) forky: resolved (fixed in 2.3.3-1) sid: resolved (fixed in 2.3.3-1) trixie: resolved (fixed in 2.3.3-1)

CVE-2021-38115 [MEDIUM] CVE-2021-38115: libgd2 - read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2... read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. Scope: local bookworm: resolved (fixed in 2.3.3-1) bullseye: resolved (fixed in 2.3.0-2+deb11u1) forky: resolved (fixed in 2.3.3-1) sid: resolved (fixed in 2.3.3-1) trixie: resolved (fixed

CVE-2021-40145 [HIGH] CVE-2021-40145: libgd2 - gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 h... gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes. Scope: local bookworm: resolved (fixed in 2.3.3-1) bullseye: resolved (fixe

CVE-2019-6978 [CRITICAL] CVE-2019-6978: libgd2 - The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr()... The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. Scope: local bookworm: resolved (fixed in 2.2.5-5.1) bullseye: resolved (fixed in 2.2.5-5.1) forky: resolved (fixed in 2.2.5-5.1) sid: resolved (fixed in 2.2.5-5.1) trixie: resolved (fixed in 2.2.5-5.1)

CVE-2019-6977 [HIGH] CVE-2019-6977: libgd2 - gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2... gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. Scope: local bookwor

CVE-2019-11038 [MEDIUM] CVE-2019-11038: libgd2 - When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka L... When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has be

CVE-2018-5711 [MEDIUM] CVE-2018-5711: libgd2 - gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33... gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCrea

CVE-2018-14553 [HIGH] CVE-2018-14553: libgd2 - gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer derefer... gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). Scope: local bookworm: resolved (fixed in 2.3.0-1) bullseye: resolved (fixed in 2.3.0-1) forky: resolved (fixed in 2.3.0-1) sid: resolv

CVE-2018-1000222 [HIGH] CVE-2018-1000222: libgd2 - Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImag... Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. Scope: local bookworm: res

CVE-2017-6363 [HIGH] CVE-2017-6363: libgd2 - In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buff... In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.' Scope: local bookworm: resolved (fixed in 2.3.0-1) bull

CVE-2017-6362 [HIGH] CVE-2017-6362: libgd2 - Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 a... Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Scope: local bookworm: resolved (fixed in 2.2.5-1) bullseye: resolved (fixed in 2.2.5-1) forky: resolved (fixed in 2.2.5-1) sid: resolved (fixed in 2.2.5-1) trixie: resolved (fixed in 2.2.5-

CVE-2017-7890 [MEDIUM] CVE-2017-7890: libgd2 - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graph... The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. Scope: local b

CVE-2016-5116 [CRITICAL] CVE-2016-5116: libgd2 - gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain... gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. Scope: local bookworm: resolved (fixed in 2.2.1-1) bullseye: resol

CVE-2016-6912 [CRITICAL] CVE-2016-6912: libgd2 - Double free vulnerability in the gdImageWebPtr function in the GD Graphics Libra... Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. Scope: local bookworm: resolved (fixed in 2.2.4-1) bullseye: resolved (fixed in 2.2.4-1) forky: resolved (fixed in 2.2.4-1) sid: resolved (fixed in 2.2.4-1) trixie: resolved

CVE-2016-10166 [CRITICAL] CVE-2016-10166: libgd2 - Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in... Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. Scope: local bookworm: resolved (fixed in 2.2.4-1) bullseye: resolved (fixed in 2.2.4-1) forky: resolved (fixed in 2.2.4-1) sid: res

CVE-2016-3074 [CRITICAL] CVE-2016-3074: libgd2 - Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allo... Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 2.1.1-4.1) bullseye: resolved (fixed in 2.1.1-4.1) forky: resolved (fixe

CVE-2016-8670 [CRITICAL] CVE-2016-8670: libgd2 - Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD G... Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call. Scope: local bookworm: re

CVE-2016-7568 [CRITICAL] CVE-2016-7568: libgd2 - Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics ... Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls. Scope: local bookworm: resolved (fixed in 2.2.3-87-

CVE-2016-5766 [HIGH] CVE-2016-5766: libgd2 - Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Li... Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image

CVE-2016-9933 [HIGH] CVE-2016-9933: libgd2 - Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in t... Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. Scope: local bookworm: resolve