A signedness vulnerability exists in libgd version 2.1.1 which may result in a heap overflow when processing compressed gd2 data.
Debian Linux Security Advisory 4384-1 - Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.
Red Hat Security Advisory 2017-3221-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application.
Debian Linux Security Advisory 3961-1 - A double-free vulnerability was discovered in the gdImagePngPtr() function in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a specially crafted file is processed.
Secunia Research has discovered a vulnerability in LibGD, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error within the "_gdContributionsAlloc()" function (gd_interpolation.c) and can be exploited to cause an out-of-bounds memory write access or exhaust available memory. Version 2.2.2 is affected.
Debian Linux Security Advisory 3630-1 - Secunia Research at Flexera Software discovered an integer overflow vulnerability within the _gdContributionsAlloc() function in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of this flaw to cause a denial-of-service against an application using the libgd2 library.
Debian Linux Security Advisory 3619-1 - Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library (application crash), or potentially to execute arbitrary code with the privileges of the user running the application.
Debian Linux Security Advisory 3587-1 - Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library.
Debian Linux Security Advisory 3556-1 - Hans Jerry Illikainen discovered that libgd2, a library for programmatic graphics creation and manipulation, suffers from a signedness vulnerability which may result in a heap overflow when processing specially crafted compressed gd2 data. A remote attacker can take advantage of this flaw to cause an application using the libgd2 library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.
Debian Linux Security Advisory 3215-1 - Multiple vulnerabilities were discovered in libgd2, a graphics library.
Mandriva Linux Security Advisory 2015-153 - The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. A buffer read overflow in gd_gif_in.c in the php #68601 bug referenced in the PHP 5.5.21 ChangeLog has been fixed in the libgd package.
Mandriva Linux Security Advisory 2014-172 - The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service via a crafted color table in an XPM file. file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service via a crafted file that triggers backtracking during processing of an awk rule. Various other issues have also been addressed. The updated php packages have been upgraded to the 5.5.16 version to resolve these security flaws. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages have been upgraded to the 2014.6 version.
Gentoo Linux Security Advisory 201401-1 - Multiple integer overflow vulnerabilities in Libgdiplus may allow remote attackers to execute arbitrary code. Versions less than 2.6.7-r1 are affected.
Secunia Security Advisory - Ubuntu has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
Ubuntu Security Notice 1547-1 - Vreixo Formoso discovered that the libGData library, as used by Evolution and other applications, did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter data transmitted via the GData protocol.
Secunia Security Advisory - Gentoo has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
Gentoo Linux Security Advisory 201208-6 - A vulnerability in libgdata could allow remote attackers to perform man-in-the-middle attacks. Versions less than 0.8.1-r2 are affected.
Mandriva Linux Security Advisory 2012-111 - It was found that previously libgdata, a GLib-based library for accessing online service APIs using the GData protocol, did not perform SSL certificate validation even for secured connections. An application, linked against the libgdata library and holding the trust about the other side of the connection being the valid owner of the certificate, could be tricked into accepting a spoofed SSL certificate by mistake. The updated packages have been patched to correct this issue.
Secunia Security Advisory - SUSE has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
Debian Linux Security Advisory 2482-1 - Vreixo Formoso discovered that libgdata, a library used to access various Google services, wasn't validating certificates against trusted system root CAs when using an https connection.
Secunia Security Advisory - Debian has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
Secunia Security Advisory - A security issue has been reported in libgdata, which can be exploited by malicious people to conduct spoofing attacks.
Secunia Security Advisory - Ubuntu has issued an update for libgdiplus. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
Ubuntu Security Notice 993-1 - Stefan Cornelius discovered that libgdiplus incorrectly handled certain image files. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
Secunia Security Advisory - Fedora has issued an update for libgdiplus. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
Mandriva Linux Security Advisory 2010-166 - Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. The updated packages have been patched to correct this issue.