exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 62 RSS Feed

Files

libgd 2.1.1 Signedness
Posted Apr 21, 2016
Authored by Hans Jerry Illikainen

A signedness vulnerability exists in libgd version 2.1.1 which may result in a heap overflow when processing compressed gd2 data.

tags | exploit, overflow
advisories | CVE-2016-3074
SHA-256 | 3a2ce455a8601a1585ae58c370524696afc5c9cf036efab381d9622a8c9decf1

Related Files

Debian Security Advisory 4384-1
Posted Feb 5, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4384-1 - Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-6977, CVE-2019-6978
SHA-256 | 185a43ed9d6a8dabfd51568c47827afdb4622c5d5deae768927db27844e37d1b
Red Hat Security Advisory 2017-3221-01
Posted Nov 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3221-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, web, denial of service, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2016-10167, CVE-2016-10168
SHA-256 | c46af562f56ec06eef4a10c3f008756691db8bca10ed5bafc3dbe1b14013cd5a
Debian Security Advisory 3961-1
Posted Sep 5, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3961-1 - A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2017-6362
SHA-256 | 5c66a00f74bd22b623046c9ead5e2049dc90b4d806dcc032db94d263bb01d035
LibGD 2.2.2 Integer Overflow / Denial Of Service
Posted Aug 5, 2016
Authored by Kasper Leigh Haabb | Site secunia.com

Secunia Research has discovered a vulnerability in LibGD, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error within the "_gdContributionsAlloc()" function (gd_interpolation.c) and can be exploited to cause an out-of-bounds memory write access or exhaust available memory. Version 2.2.2 is affected.

tags | advisory, denial of service, overflow
advisories | CVE-2016-6207
SHA-256 | 92998209c35159f509bfca3cc0a070d94e80e86cc3547b28a2fad9d5f643df14
Debian Security Advisory 3630-1
Posted Jul 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3630-1 - Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc() function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application using the libgd2 library.

tags | advisory, remote, overflow
systems | linux, debian
advisories | CVE-2016-6207
SHA-256 | 5da39cc7be7960124d3a3a0b67e4b82259ece63499cc06e95475cdcfd7a14059
Debian Security Advisory 3619-1
Posted Jul 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3619-1 - Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2016-5116, CVE-2016-5766, CVE-2016-6128, CVE-2016-6132, CVE-2016-6161, CVE-2016-6214
SHA-256 | 3ab1c0b1ddecf980dd4d33f7d66025e28859df01864ca2ce789d9500ed6dfbae
Debian Security Advisory 3587-1
Posted May 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3587-1 - Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2013-7456, CVE-2015-8874, CVE-2015-8877
SHA-256 | f2f6c7f99cc86a7323da7dcfecc1fc94a9783d8e35c09aac160019baa2b5e88f
Debian Security Advisory 3556-1
Posted Apr 25, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3556-1 - Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers of a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an application using the libgd2 library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-3074
SHA-256 | 4fb5df9dace3303fe13802ffbddb4d7d85114c9f5c087fdb4b2bd8891d489403
Debian Security Advisory 3215-1
Posted Apr 6, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3215-1 - Multiple vulnerabilities were discovered in libgd2, a graphics library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-2497, CVE-2014-9709
SHA-256 | f5407791a7d254b53e025eae1a764e715e59de2b3403d0297501a6900adb290c
Mandriva Linux Security Advisory 2015-153
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-153 - The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. A buffer read overflow in gd_gif_in.c in the php #68601 bug referenced in the PHP 5.5.21 ChangeLog has been fixed in the libgd package.

tags | advisory, remote, denial of service, overflow, php
systems | linux, mandriva
advisories | CVE-2014-2497, CVE-2014-9709
SHA-256 | a3750e0e421fe88f4eaaad5c05512b32595ca9f6b63ea6e4f9a0aaf8a89492e3
Mandriva Linux Security Advisory 2014-172
Posted Sep 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-172 - The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service via a crafted color table in an XPM file. file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service via a crafted file that triggers backtracking during processing of an awk rule. Various other issues have also been addressed. The updated php packages have been upgraded to the 5.5.16 version resolve these security flaws. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.6 version.

tags | advisory, remote, denial of service, php
systems | linux, mandriva
advisories | CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-5120
SHA-256 | b9ec681569fac685bfa6d31a9d2c25e37d33a1ade655ac8cb434db2d31a3b86d
Gentoo Linux Security Advisory 201401-01
Posted Jan 6, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-1 - Multiple integer overflow vulnerabilities in Libgdiplus may allow remote attackers to execute arbitrary code. Versions less than 2.6.7-r1 are affected.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-1526
SHA-256 | 5783db96f95a77a277e71bced0b8a01bf1ad64037e199855fe5d55d305b6db4b
Secunia Security Advisory 50432
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, ubuntu
SHA-256 | 1a1587258c7647774a0fb54acfc08e82810406e76fa1a452dae41c42985155eb
Ubuntu Security Notice USN-1547-1
Posted Aug 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1547-1 - Vreixo Formoso discovered that the libGData library, as used by Evolution and other applications, did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter data transmitted via the GData protocol.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2012-1177
SHA-256 | a4ab1606db51fda6b3872f4eb812e94c816f2b0d3a0230277fcb0126b714fb2a
Secunia Security Advisory 50265
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, gentoo
SHA-256 | d1ed51cac68ce4bfcd0670ca4f7d33fa31a5c9a1fe3f493c7b922d0ec4c88b70
Gentoo Linux Security Advisory 201208-06
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-6 - A vulnerability in libgdata could allow remote attackers to perform man-in-the-middle attacks. Versions less than 0.8.1-r2 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2012-1177
SHA-256 | 6c9550b2609f2f265e43e99e0791a7773adfb69954890e5f2e3a22021e0ab085
Mandriva Linux Security Advisory 2012-111
Posted Jul 25, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-111 - It was found that previously libgdata, a GLib-based library for accessing online service APIs using the GData protocol, did not perform SSL certificates validation even for secured connections. An application, linked against the libgdata library and holding the trust about the other side of the connection being the valid owner of the certificate, could be tricked into accepting of a spoofed SSL certificate by mistake. The updated packages have been patched to correct this issue.

tags | advisory, spoof, protocol
systems | linux, mandriva
advisories | CVE-2012-1177
SHA-256 | 0e6890a08ae22ca1f467f5d5fce0ae80f27743e936d792f852966aa408755bd7
Secunia Security Advisory 49842
Posted Jul 11, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, suse
SHA-256 | e0a55e39e5bcb6613e16b34c35efb53025eedde98eee939dd964ef02bdc7a5ad
Debian Security Advisory 2482-1
Posted Jun 5, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2482-1 - Vreixo Formoso discovered that libgdata, a library used to access various Google services, wasn't validating certificates against trusted system root CAs when using an https connection.

tags | advisory, web, root
systems | linux, debian
advisories | CVE-2012-2653
SHA-256 | 1d47094e9ab3199d3353d60e80d2221e27b8800fc67c6fd798aef369c4486afe
Secunia Security Advisory 49362
Posted Jun 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, debian
SHA-256 | ac1a5d9c7d1089bf74a81c0b0aabd9336389bca1ed88debea08283ac2a4b7885
Secunia Security Advisory 48315
Posted Mar 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in libgdata, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | 19f341fcb2e021ddc620159c062843fd40023a58d8edc0c4cf5ea557d763a8b4
Secunia Security Advisory 41659
Posted Sep 30, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libgdiplus. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | bc5a1ea094dd18b1f8b3acbfc6a4220517a1097625bc815809dcc95b67b54268
Ubuntu Security Notice 993-1
Posted Sep 29, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 993-1 - Stefan Cornelius discovered that libgdiplus incorrectly handled certain image files. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-1526
SHA-256 | c4ae7b6d120a2fbdc569c8dca350258ea492f3219cf688339d9dbe690dab4933
Secunia Security Advisory 41373
Posted Sep 11, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for libgdiplus. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, fedora
SHA-256 | 2349cfd551a46f7adfebb2389f0ac74c075aa90504807f42b0b3f08772d01ec2
Mandriva Linux Security Advisory 2010-166
Posted Aug 31, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-166 - Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-1526
SHA-256 | da5ff90119d40112c96082889fb4d03c8984033ade5e99468d5e144613f8a459
Page 1 of 3
Back123Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close