Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Libgd Subscribe
Filtered by product Libgd
Total 34 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9709 5 Canonical, Debian, Libgd and 2 more 5 Ubuntu Linux, Debian Linux, Libgd and 2 more 2022-11-08 5.0 MEDIUM N/A
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
CVE-2016-6207 4 Debian, Libgd, Opensuse and 1 more 4 Debian Linux, Libgd, Leap and 1 more 2022-08-29 4.3 MEDIUM 6.5 MEDIUM
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
CVE-2016-3074 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2022-07-20 7.5 HIGH 9.8 CRITICAL
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
CVE-2018-14553 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2021-12-30 4.3 MEDIUM 7.5 HIGH
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
CVE-2021-40812 1 Libgd 1 Libgd 2021-09-15 4.3 MEDIUM 6.5 MEDIUM
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.
CVE-2021-40145 1 Libgd 1 Libgd 2021-09-01 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes."
CVE-2021-38115 1 Libgd 1 Libgd 2021-08-11 4.3 MEDIUM 6.5 MEDIUM
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6128 5 Canonical, Debian, Libgd and 2 more 5 Ubuntu Linux, Debian Linux, Libgd and 2 more 2020-11-16 5.0 MEDIUM 7.5 HIGH
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
CVE-2019-11038 8 Canonical, Debian, Fedoraproject and 5 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2020-10-16 5.0 MEDIUM 5.3 MEDIUM
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
CVE-2019-6977 5 Canonical, Debian, Libgd and 2 more 5 Ubuntu Linux, Debian Linux, Libgd and 2 more 2020-08-24 6.8 MEDIUM 8.8 HIGH
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
CVE-2018-1000222 3 Canonical, Debian, Libgd 3 Ubuntu Linux, Debian Linux, Libgd 2020-03-30 6.8 MEDIUM 8.8 HIGH
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.
CVE-2017-6363 1 Libgd 1 Libgd 2020-02-27 5.8 MEDIUM 8.1 HIGH
** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"
CVE-2016-5766 6 Debian, Fedoraproject, Freebsd and 3 more 7 Debian Linux, Fedora, Freebsd and 4 more 2019-04-22 6.8 MEDIUM 8.8 HIGH
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
CVE-2019-6978 3 Canonical, Debian, Libgd 3 Ubuntu Linux, Debian Linux, Libgd 2019-04-04 7.5 HIGH 9.8 CRITICAL
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
CVE-2016-7568 3 Debian, Libgd, Php 3 Debian Linux, Libgd, Php 2019-03-07 7.5 HIGH 9.8 CRITICAL
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
CVE-2016-6905 2 Libgd, Opensuse 3 Libgd, Leap, Opensuse 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
CVE-2016-6214 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-6161 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
CVE-2016-6132 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2016-5116 4 Debian, Libgd, Opensuse and 1 more 4 Debian Linux, Libgd, Leap and 1 more 2018-10-30 6.4 MEDIUM 9.1 CRITICAL
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.