Search CVE reports
1 – 10 of 60 results
Some fixes available 4 of 10
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.
5 affected packages
php5, php7.0, php7.2, libgd2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release |
| php7.2 | Not in release | Not in release | Not in release | Not affected |
| libgd2 | Not affected | Fixed | Fixed | Fixed |
| php7.3 | Not in release | Not in release | Not in release | Not in release |
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being...
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgd2 | — | Fixed | Fixed | Fixed |
| php5 | — | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release |
| php7.2 | — | Not in release | Not in release | Not affected |
| php7.3 | — | Not in release | Not in release | Not in release |
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgd2 | — | Fixed | Fixed | Fixed |
| php5 | — | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release |
| php7.2 | — | Not in release | Not in release | Not affected |
| php7.3 | — | Not in release | Not in release | Not in release |
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
5 affected packages
php7.0, libgd2, php5, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php7.0 | — | — | Not in release | Not in release |
| libgd2 | — | — | Not affected | Fixed |
| php5 | — | — | Not in release | Not in release |
| php7.2 | — | — | Not in release | Not affected |
| php7.3 | — | — | Not in release | Not in release |
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based...
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgd2 | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Not affected |
| php7.3 | — | — | — | Not in release |
Some fixes available 3 of 5
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply...
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgd2 | — | — | Not affected | Fixed |
| php5 | — | — | Not in release | Not in release |
| php7.0 | — | — | Not in release | Not in release |
| php7.2 | — | — | Not in release | Not affected |
| php7.3 | — | — | Not in release | Not in release |
Some fixes available 9 of 10
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF...
4 affected packages
php5, libgd2, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | Not in release | Not in release |
| libgd2 | — | — | Fixed | Fixed |
| php7.0 | — | — | Not in release | Not in release |
| php7.1 | — | — | Not in release | Not in release |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All...
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgd2 | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Not affected |
| php7.3 | — | — | — | Not in release |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All...
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgd2 | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Not affected |
| php7.3 | — | — | — | Not in release |
Some fixes available 15 of 26
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
6 affected packages
libgd2, php5, php7.0, php7.2, doxygen, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libgd2 | Fixed | Fixed | Fixed | Fixed |
| php5 | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release |
| php7.2 | Not in release | Not in release | Not in release | Not affected |
| doxygen | Vulnerable | Vulnerable | Vulnerable | Not affected |
| php7.3 | Not in release | Not in release | Not in release | Not in release |