FreshPorts - VuXML

LibGD reports:

An integer overflow issue was found in function gdImageWebpCtx of file gd_webp.c which could lead to heap buffer overflow.

le 2.2.3

le 7.0.11

le 5.6.26

CVE reports:

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293.

< 2.0.35_2,1

< 5.2.11_2

< 4.4.9_4

Pierre Joye reports:

• fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)

• gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)

• Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)

• fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)

< 2.2.3,1

infamous41md reports about the GD Graphics Library:

There is an integer overflow when allocating memory in the routine that handles loading PNG image files. This later leads to heap data structures being overwritten. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image.

< 2.0.29,1

gt 1.*,2 lt 2.*,2

gd had been reported vulnerable to several vulnerabilities:

• CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact.
• CVE-2007-3473: The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
• CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact.
• CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
• CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
• CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
• CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.

< 2.0.35,1