threat
engine
.sh
Back
·
··:··
Home
/
Product
/
libgd
Product
libgd
39 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2021-40812
<= 2.3.2
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf r
6.5
MEDIUM
CVE-2021-40145
<= 2.3.2
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "
7.5
HIGH
CVE-2021-38115
<= 2.3.2
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of serv
6.5
MEDIUM
CVE-2017-6363
<= 2.2.5
In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the
8.1
HIGH
CVE-2018-14553
>= 2.1.1 and <= 2.2.5
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application vi
7.5
HIGH
CVE-2019-11038
all versions
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PH
5.3
MEDIUM
CVE-2019-6978
all versions
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp
9.8
CRITICAL
CVE-2019-6977
all versions
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP
8.8
HIGH
CVE-2018-1000222
all versions
Libgd version 2.2.5 contains a Double Free Vulnerability in gdImageBmpPtr Function that can result in Remote Code Ex
8.8
HIGH
CVE-2017-6362
all versions
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of servic
7.5
HIGH
CVE-2016-10168
<= 2.2.3
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact
7.8
HIGH
CVE-2016-10167
<= 2.2.3
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to ca
5.5
MEDIUM
CVE-2016-10166
<= 2.2.3
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4
9.8
CRITICAL
CVE-2016-6906
<= 2.2.3
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a den
5.5
MEDIUM
CVE-2016-9317
<= 2.2.3
The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of servic
5.5
MEDIUM
CVE-2016-6912
<= 2.2.3
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attacker
9.8
CRITICAL
CVE-2016-6911
<= 2.2.3
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of servic
5.5
MEDIUM
CVE-2016-9933
all versions
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, a
7.5
HIGH
CVE-2016-8670
<= 2.2.3
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used
9.8
CRITICAL
CVE-2016-6905
<= 2.2.2
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a den
6.5
MEDIUM
CVE-2016-7568
<= 2.2.3
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP
9.8
CRITICAL
CVE-2016-6214
<= 2.2.2
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds r
6.5
MEDIUM
CVE-2016-6207
<= 2.2.2
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allow
6.5
MEDIUM
CVE-2016-6161
<= 2.2.2
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (o
6.5
MEDIUM
CVE-2016-6132
<= 2.2.2
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial
6.5
MEDIUM
CVE-2016-6128
<= 2.2.2
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, a
7.5
HIGH
CVE-2016-5767
<= 2.0.33
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP bef
8.8
HIGH
CVE-2016-5766
all versions
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP bef
8.8
HIGH
CVE-2016-5116
<= 2.2.1
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-d
9.1
CRITICAL
CVE-2013-7456
all versions
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x
7.6
HIGH
CVE-2015-8877
<= 2.1.1
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before
7.5
HIGH
CVE-2016-3074
all versions
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (
9.8
CRITICAL
CVE-2014-9709
<= 2.1.1
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote a
CVE-2009-3546
all versions
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly veri
CVE-2007-3477
<= 2.0.35
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial o
CVE-2007-3474
<= 2.0.35
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact an
CVE-2007-3473
<= 2.0.35_rc5
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a de
CVE-2007-3472
<= 2.0.35
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote a
CVE-2007-2756
all versions
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a cra
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin