Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Mageia 8 MGASA-2021-0433 Critical: LibGD Denial of Service

MGASA-2021-0433 - Updated libgd packages fix security vulnerability

Publication date: 23 Sep 2021
URL: https://advisories.mageia.org/MGASA-2021-0433.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-38115, CVE-2021-40145

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. (CVE-2021-38115)

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. (CVE-2021-40145)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29448
- https://ubuntu.com/security/notices/USN-5068-1
- https://www.cve.org/CVERecord?id=CVE-2021-38115
- https://www.cve.org/CVERecord?id=CVE-2021-40145

SRPMS:
- 8/core/libgd-2.3.1-1.1.mga8

Mageia has issued a security patch for libgd packages addressing denial of service vulnerabilities associated with specially designed TGA files.

Severity: Critical
LinuxSecurity.com Team
Sep 23, 2021 | Critical | Mageia

Mageia 8 MGASA-2021-0264 Moderate: Libgd Integer Overflow Issue

MGASA-2021-0264 - Updated libgd packages fix a security vulnerability

Publication date: 16 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0264.html
Type: security
Affected Mageia releases: 8

A potential integer overflow is fixed in version 2.3.1.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29019
- https://lists.fedoraproject.org/archives/list/[email address elided]/thread/WICW2DNQLH3YU4LYNAZADUCBZYHJZRCQ/
- https://github.com/libgd/libgd/releases/tag/gd-2.3.1

SRPMS:
- 8/core/libgd-2.3.1-1.mga8

Mageia has released a critical security update for the libgd library, addressing a severe integer overflow vulnerability that could enable exploitation risks.

LinuxSecurity.com Team
Jun 16, 2021 | Mageia

Mageia 7: MGASA-2020-0134 Medium: Libgd Stack Disclosure

MGASA-2020-0134 - Updated libgd packages fix security vulnerability

Publication date: 08 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0134.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-11038

The updated packages fix a security vulnerability:

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. (CVE-2019-11038)

References:
- https://bugs.mageia.org/show_bug.cgi?id=26306
- http://lists.suse.com/pipermail/sle-security-updates/2020-March/006579.html
- https://www.cve.org/CVERecord?id=CVE-2019-11038

SRPMS:
- 7/core/libgd-2.2.5-5.2.mga7

Mageia has released an update for libgd to address a security vulnerability stemming from an uninitialized variable, which may result in potential data leakage.

Severity: Medium
LinuxSecurity.com Team
Mar 08, 2020 | Medium | Mageia

Mageia: 2020-0098 Moderate: libgd NULL Pointer Crash Risk

MGASA-2020-0098 - Updated libgd packages fix security vulnerability

Publication date: 24 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0098.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2018-14553

The updated packages fix a security vulnerability:

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. (CVE-2018-14553)

References:
- https://bugs.mageia.org/show_bug.cgi?id=26220
- https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html
- https://www.cve.org/CVERecord?id=CVE-2018-14553

SRPMS:
- 7/core/libgd-2.2.5-5.1.mga7

Mageia has responded to important libgd security weaknesses that may cause application failures. Investigate available patches and further information.

LinuxSecurity.com Team
Feb 24, 2020 | Mageia

Mageia 2019-0073 Critical: LibGD Buffer Overflow Exploit

MGASA-2019-0073 - Updated libgd packages fix security vulnerability

Publication date: 13 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0073.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2019-6977, CVE-2019-6978

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5 has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger calls to the function with crafted image data (CVE-2019-6977).

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978).

References:
- https://bugs.mageia.org/show_bug.cgi?id=24336
- https://lists.debian.org/debian-security-announce/2019/msg00023.html
- https://www.cve.org/CVERecord?id=CVE-2019-6977
- https://www.cve.org/CVERecord?id=CVE-2019-6978

SRPMS:
- 6/core/libgd-2.2.5-2.3.mga6

Severity: Critical
LinuxSecurity.com Team
Feb 13, 2019 | Critical | Mageia

Mageia 6: MGASA-2018-0367 Moderate: libgd Remote Code Execution

MGASA-2018-0367 - Updated libgd packages fix security vulnerabilities

Publication date: 02 Sep 2018
URL: https://advisories.mageia.org/MGASA-2018-0367.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-5711, CVE-2018-1000222

The updated packages fix security vulnerabilities:

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx (CVE-2018-5711).

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution. This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free (CVE-2018-1000222).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23496
- https://ubuntu.com/security/notices/USN-3755-1
- https://www.cve.org/CVERecord?id=CVE-2018-5711
- https://www.cve.org/CVERecord?id=CVE-2018-1000222

SRPMS:
- 6/core/libgd-2.2.5-2.1.mga6

Revised libgd versions address significant security flaws, notably infinite looping and remote execution vulnerabilities within Mageia.

LinuxSecurity.com Team
Sep 02, 2018 | Mageia

Ubuntu 18.04: USN-3755-1 Moderate: Libgd2 Code Execution and DoS

=========================================================================
Ubuntu Security Notice USN-3755-1
August 27, 2018

libgd2 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:
Several security issues were fixed in GD.

Software Description:
- libgd2: GD Graphics Library

Details:
It was discovered that GD incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000222)

It was discovered that GD incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-5711)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  libgd-tools 2.2.5-4ubuntu0.2
  libgd3 2.2.5-4ubuntu0.2

Ubuntu 16.04 LTS:
  libgd-tools 2.1.1-4ubuntu0.16.04.10
  libgd3 2.1.1-4ubuntu0.16.04.10

Ubuntu 14.04 LTS:
  libgd-tools 2.1.0-3ubuntu0.10
  libgd3 2.1.0-3ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3755-1
  CVE-2018-1000222, CVE-2018-5711

Package Information:
  https://launchpad.net/ubuntu/+source/libgd2/2.2.5-4ubuntu0.2
  https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.10
  https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.10

Ubuntu Security Notice USN-3755-2 emphasizes vulnerabilities in the GD library, providing necessary patches for libgd2 across various distributions.

Severity: Important
LinuxSecurity.com Team
Aug 27, 2018 | Important | Ubuntu

Ubuntu 16.04 LTS USN-3030-1 Critical: libgd Denial Of Service

=========================================================================
Ubuntu Security Notice USN-3030-1
July 11, 2016

libgd2 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:
The GD library could be made to crash or run programs if it processed a specially crafted image file.

Software Description:
- libgd2: GD Graphics Library

Details:
It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7456)

It was discovered that the GD library incorrectly handled certain malformed XBM images. If a user or automated system were tricked into processing a specially crafted XBM image, an attacker could cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-5116)

It was discovered that the GD library incorrectly handled memory when using _gd2GetHeader(). A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2016-5766)

It was discovered that the GD library incorrectly handled certain color indexes. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-6128)

It was discovered that the GD library incorrectly handled memory when encoding a GIF image. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-6161)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  libgd3 2.1.1-4ubuntu0.16.04.2

Ubuntu 15.10:
  libgd3 2.1.1-4ubuntu0.15.10.2

Ubuntu 14.04 LTS:
  libgd3 2.1.0-3ubuntu0.2

Ubuntu 12.04 LTS:
  libgd2-noxpm 2.0.36~rc1~dfsg-6ubuntu2.2
  libgd2-xpm 2.0.36~rc1~dfsg-6ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3030-1
  CVE-2013-7456, CVE-2016-5116, CVE-2016-5766, CVE-2016-6128, CVE-2016-6161

Package Information:
  https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.16.04.2
  https://launchpad.net/ubuntu/+source/libgd2/2.1.1-4ubuntu0.15.10.2
  https://launchpad.net/ubuntu/+source/libgd2/2.1.0-3ubuntu0.2
  https://launchpad.net/ubuntu/+source/libgd2/2.0.36~rc1~dfsg-6ubuntu2.2

Multiple vulnerabilities in libgd identified across different Ubuntu distributions may result in application crashes or facilitate unauthorized code execution.

Severity: Critical
LinuxSecurity.com Team
Jul 11, 2016 | Critical | Ubuntu