VuXML ID | Description |
2a526c78-84ab-11e6-a4a1-60a44ce6887b | libgd -- integer overflow which could lead to heap buffer overflow
LibGD reports:
An integer overflow issue was found in function gdImageWebpCtx of file gd_webp.c which could lead to heap buffer overflow.
Discovery 2016-09-02 Entry 2016-10-11 Modified 2016-10-18 gd
le 2.2.3
php70-gd
le 7.0.11
php56-gd
le 5.6.26
https://github.com/libgd/libgd/issues/308
https://bugs.php.net/bug.php?id=73003
ports/213023
|
4e8344a3-ca52-11de-8ee8-00215c6a37bb | gd -- '_gdGetColors' remote buffer overflow vulnerability
CVE reports:
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and
5.3.0, and the GD Graphics Library 2.x, does not properly
verify a certain colorsTotal structure member, which might
allow remote attackers to conduct buffer overflow or buffer
over-read attacks via a crafted GD file, a different
vulnerability than CVE-2009-3293.
Discovery 2009-10-15 Entry 2009-11-05 Modified 2010-06-17 gd
< 2.0.35_2,1
php5-gd
< 5.2.11_2
php4-gd
< 4.4.9_4
36712
CVE-2009-3546
http://secunia.com/advisories/37069
http://secunia.com/advisories/37080
|
556d2286-5a51-11e6-a6c3-14dae9d210b8 | gd -- multiple vulnerabilities
Pierre Joye reports:
fix php bug 72339, Integer Overflow in _gd2GetHeader
(CVE-2016-5766)
gd: Buffer over-read issue when parsing crafted TGA
file (CVE-2016-6132)
Integer overflow error within _gdContributionsAlloc()
(CVE-2016-6207)
fix php bug 72494, invalid color index not handled, can
lead to crash (CVE-2016-6128)
Discovery 2016-07-21 Entry 2016-08-04 gd
< 2.2.3,1
https://github.com/libgd/libgd/releases/tag/gd-2.2.3
CVE-2016-5766
CVE-2016-6132
CVE-2016-6207
CVE-2016-6128
|
62239968-2f2a-11d9-a9e7-0001020eed82 | gd -- integer overflow
infamous41md reports about the GD Graphics Library:
There is an integer overflow when allocating memory in
the routine that handles loading PNG image files. This
later leads to heap data structures being overwritten. If
an attacker tricked a user into loading a malicious PNG
image, they could leverage this into executing arbitrary
code in the context of the user opening the image.
Discovery 2004-10-26 Entry 2004-11-05 gd
uk-gd
ja-gd
< 2.0.29,1
gt 1.*,2 lt 2.*,2
11523
CVE-2004-0990
http://marc.theaimsgroup.com/?l=bugtraq&m=109882489302099
http://www.boutell.com/gd/manual2.0.29.html#whatsnew2.0.29
|
6e099997-25d8-11dc-878b-000c29c5647f | gd -- multiple vulnerabilities
gd had been reported vulnerable to several
vulnerabilities:
- CVE-2007-3472: Integer overflow in gdImageCreateTrueColor
function in the GD Graphics Library (libgd) before 2.0.35
allows user-assisted remote attackers to have unspecified attack
vectors and impact.
- CVE-2007-3473: The gdImageCreateXbm function in the GD
Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via
unspecified vectors involving a gdImageCreate failure.
- CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF
reader in the GD Graphics Library (libgd) before 2.0.35 allow
user-assisted remote attackers to have unspecified attack vectors
and impact.
- CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35
allows user-assisted remote attackers to cause a denial of service
(crash) via a GIF image that has no global color map.
- CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to cause a denial of service (crash and heap corruption) via large
color index values in crafted image data, which results in a
segmentation fault.
- CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions
in GD Graphics Library (libgd) before 2.0.35 allow attackers to
cause a denial of service (CPU consumption) via a large (1) start or
(2) end angle degree value.
- CVE-2007-3478: Race condition in gdImageStringFTEx
(gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a
denial of service (crash) via unspecified vectors, possibly
involving truetype font (TTF) support.
Discovery 2007-06-21 Entry 2007-06-29 gd
< 2.0.35,1
CVE-2007-3472
CVE-2007-3473
CVE-2007-3474
CVE-2007-3475
CVE-2007-3476
CVE-2007-3477
CVE-2007-3478
http://www.libgd.org/ReleaseNote020035
http://www.frsirt.com/english/advisories/2007/2336
http://bugs.libgd.org/?do=details&task_id=89
http://bugs.libgd.org/?do=details&task_id=94
http://bugs.libgd.org/?do=details&task_id=70
http://bugs.libgd.org/?do=details&task_id=87
http://bugs.libgd.org/?do=details&task_id=92
http://bugs.libgd.org/?do=details&task_id=74
http://bugs.libgd.org/?do=details&task_id=48
http://bugs.php.net/bug.php?id=40578
|