MidnightBSD

Advisories for libgd

CVE-2009-3546 HIGH

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libgd gd_graphics_library 2.0.33
php php 5.3.0
libgd gd_graphics_library 2.0.34
libgd gd_graphics_library 2.0.36
libgd gd_graphics_library 2.0.35
php php 5.2.11
CVE-2013-7456 MEDIUM

gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libgd libgd 2.1.0
CVE-2014-9709 MEDIUM

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 14.04
debian debian_linux 7.0
opensuse opensuse 13.2
canonical ubuntu_linux 16.04
libgd libgd *
canonical ubuntu_linux 15.10
php php *
opensuse opensuse 13.1
canonical ubuntu_linux 12.04
CVE-2015-8877 MEDIUM

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
libgd libgd *
php php *
CVE-2016-10166 HIGH

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-191,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2016-10167 MEDIUM

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2016-10168 MEDIUM

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2016-3074 HIGH

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-681,

Products Affected

Vendor Product Version
debian debian_linux 8.0
fedoraproject fedora 24
libgd libgd 2.1.1
canonical ubuntu_linux 14.04
debian debian_linux 7.0
fedoraproject fedora 23
opensuse opensuse 13.2
canonical ubuntu_linux 16.04
canonical ubuntu_linux 15.10
php php *
canonical ubuntu_linux 12.04
CVE-2016-5116 MEDIUM

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
opensuse leap 42.1
libgd libgd *
CVE-2016-5766 MEDIUM

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
fedoraproject fedora 24
freebsd freebsd 9.3
freebsd freebsd 8.1
freebsd freebsd 8.0
freebsd freebsd 8.2
redhat openshift 2.0
freebsd freebsd 10.1
freebsd freebsd 10.0
freebsd freebsd 10.3
redhat enterprise_linux 6.0
debian debian_linux 8.0
freebsd freebsd 8.4
freebsd freebsd 9.2
freebsd freebsd 8.3
libgd libgd 2.2.2
freebsd freebsd 10.2
fedoraproject fedora 22
redhat enterprise_linux 5
fedoraproject fedora 23
freebsd freebsd 9.1
freebsd freebsd 9.0
CVE-2016-5767 MEDIUM

Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2016-6128 MEDIUM

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 14.04
opensuse leap 42.1
canonical ubuntu_linux 16.04
libgd libgd *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 12.04
CVE-2016-6132 MEDIUM

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 8.0
opensuse leap 42.1
libgd libgd *
CVE-2016-6161 MEDIUM

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 8.0
opensuse leap 42.1
libgd libgd *
CVE-2016-6207 MEDIUM

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-190,CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
opensuse leap 42.1
libgd libgd *
php php *
CVE-2016-6214 MEDIUM

gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 8.0
opensuse leap 42.1
libgd libgd *
CVE-2016-6905 MEDIUM

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 42.1
opensuse opensuse 13.2
libgd libgd *
CVE-2016-6906 MEDIUM

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2016-6911 MEDIUM

The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2016-6912 HIGH

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2016-7568 HIGH

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 8.0
libgd libgd *
php php *
CVE-2016-8670 HIGH

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2016-9317 HIGH

The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2016-9933 MEDIUM

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libgd libgd 2.2.1
CVE-2017-6362 MEDIUM

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
fedoraproject fedora 26
canonical ubuntu_linux 16.04
libgd libgd 2.2.4
CVE-2017-6363 MEDIUM

In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2018-1000222 MEDIUM

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
libgd libgd 2.2.5
CVE-2018-14553 MEDIUM

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
libgd libgd *
fedoraproject fedora 32
libgd libgd 2.1.0
opensuse leap 15.1
CVE-2019-11038 MEDIUM

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-457,CWE-908,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
canonical ubuntu_linux 19.10
suse linux_enterprise_workstation_extension 12
redhat enterprise_linux 8.0
redhat software_collections 1.0
canonical ubuntu_linux 16.04
fedoraproject fedora 32
php php *
opensuse leap 15.1
fedoraproject fedora 29
libgd libgd 2.2.5
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
suse linux_enterprise_server 12
debian debian_linux 9.0
fedoraproject fedora 30
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_debuginfo 11
suse linux_enterprise_desktop 12
CVE-2019-6977 MEDIUM

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
php php 7.3.0
debian debian_linux 9.0
canonical ubuntu_linux 16.04
netapp storage_automation_store *
php php *
canonical ubuntu_linux 18.10
libgd libgd 2.2.5
CVE-2019-6978 HIGH

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
debian debian_linux 9.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.10
libgd libgd 2.2.5
CVE-2021-38115 MEDIUM

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2021-40145 MEDIUM

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
libgd libgd *
CVE-2021-40812 MEDIUM

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
libgd libgd *