Libgd Libgd

Do you want an email whenever new security vulnerabilities are reported in Libgd?

By the Year

In 2022 there have been 0 vulnerabilities in Libgd . Last year Libgd had 3 security vulnerabilities published. Right now, Libgd is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 3 6.83
2020 1 7.50
2019 2 9.30
2018 1 8.80

It may take a day or so for new Libgd vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Libgd Security Vulnerabilities

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read

CVE-2021-40812 6.5 - Medium - September 08, 2021

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

Out-of-bounds Read

** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free

CVE-2021-40145 7.5 - High - August 26, 2021

** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes."

Double-free

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2

CVE-2021-38115 6.5 - Medium - August 04, 2021

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

Out-of-bounds Read

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference

CVE-2018-14553 7.5 - High - February 11, 2020

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

NULL Pointer Dereference

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c

CVE-2019-6978 9.8 - Critical - January 28, 2019

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

Double-free

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5

CVE-2019-6977 8.8 - High - January 27, 2019

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

Memory Corruption

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution

CVE-2018-1000222 8.8 - High - August 20, 2018

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.

Double-free

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Libgd? Click the Watch button to subscribe.

Libgd
Vendor

Libgd
Product

subscribe