Search CVE reports
161 – 170 of 248 results
CVE-2016-10167
Medium priorityThe gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
4 affected packages
libgd2, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | — | Fixed |
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
| php7.1 | — | — | — | — | Not in release |
CVE-2016-10166
Medium priorityInteger underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
3 affected packages
libgd2, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | — | Fixed |
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
CVE-2016-8670
Medium priorityInteger signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of...
3 affected packages
libgd2, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | — | Fixed |
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
CVE-2016-6911
Medium priorityThe dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
3 affected packages
libgd2, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | — | Fixed |
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
CVE-2016-6905
Medium priorityThe read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
3 affected packages
libgd2, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | — | Fixed |
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
CVE-2016-7568
Medium priorityInteger overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or...
3 affected packages
libgd2, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | — | Fixed |
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
CVE-2016-7418
Low priorityThe php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified...
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Fixed |
CVE-2016-7417
Medium priorityext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have...
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Fixed |
CVE-2016-7416
Low priorityext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of...
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Fixed |
CVE-2016-7414
Medium priorityThe ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds...
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Fixed |