National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:libgd:libgd:1.7.1
There are 19 matching records.
Vuln ID Summary CVSS Severity
CVE-2016-10168

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

Published: March 15, 2017; 11:59:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10167

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.

Published: March 15, 2017; 11:59:00 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10166

Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.

Published: March 15, 2017; 11:59:00 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-6906

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.

Published: March 15, 2017; 10:59:00 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-9317

The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.

Published: January 26, 2017; 10:59:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 7.1 HIGH
CVE-2016-6912

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

Published: January 26, 2017; 10:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-6911

The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

Published: January 26, 2017; 10:59:00 AM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-8670

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.

Published: January 04, 2017; 03:59:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-6905

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.

Published: October 03, 2016; 05:59:05 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-7568

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

Published: September 28, 2016; 04:59:02 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-6214

gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

Published: August 12, 2016; 11:59:04 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-6207

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

Published: August 12, 2016; 11:59:03 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-6161

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

Published: August 12, 2016; 11:59:02 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-6132

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

Published: August 12, 2016; 11:59:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-6128

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.

Published: August 07, 2016; 06:59:22 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-5767

Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.

Published: August 07, 2016; 06:59:14 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-5116

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

Published: August 07, 2016; 06:59:12 AM -04:00
V3.0: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2015-8877

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

Published: May 21, 2016; 09:59:09 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2014-9709

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Published: March 30, 2015; 06:59:05 AM -04:00
    V2: 5.0 MEDIUM