Package "libgd-tools"
Name: libgd-tools
Description: GD command line tools and example code
Latest version: 2.1.0-3ubuntu0.11
Release: trusty (14.04)
Level: updates
Repository: universe
Head package: libgd2
Homepage: http://www.libgd.org/

Changelog
libgd2 (2.1.0-3ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid read in
    gdImageCreateFromTiffPtr()
    - debian/patches/CVE-2016-6911.patch: check out of bounds reads in
      src/gd_io_dp.c, check return code in src/gd_tiff.c.
    - CVE-2016-6911
  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow in gdImageWebpCtx
    - debian/patches/CVE-2015-7568.patch: check for overflow in
      src/gd_webp.c.
    - CVE-2016-7568
  * SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
    - debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
      signed to unsigned conversion in src/gd_io_dp.c.
    - CVE-2016-8670

 -- Marc Deslauriers <email address hidden>  Tue, 18 Oct 2016 14:18:07 +0200

CVE-2016-6911: invalid read in gdImageCreateFromTiffPtr()
CVE-2015-7568: RESERVED
CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, all
CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf

libgd2 (2.1.0-3ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: out of bounds read in TGA file parsing
    - debian/patches/CVE-2016-6132.patch: properly validate image data in
      src/gd_tga.c.
    - CVE-2016-6132
  * SECURITY UPDATE: OOB or OOM in gdImageScale
    - debian/patches/CVE-2016-6207.patch: check for overflows, use floats,
      and check return codes in src/gd.c, src/gd_interpolation.c.
    - CVE-2016-6207
  * SECURITY UPDATE: out-of-bounds read issue with unsupported TGA
    bpp/alphabit combinations
    - debian/patches/CVE-2016-6214.patch: improve checks in src/gd_tga.c.
    - CVE-2016-6214

 -- Marc Deslauriers <email address hidden>  Tue, 09 Aug 2016 09:51:31 -0400

libgd2 (2.1.0-3ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: out of bounds read in gdImageScaleTwoPass
    - debian/patches/CVE-2013-7456.patch: properly handle window size in
      src/gd_interpolation.c.
    - CVE-2013-7456
  * SECURITY UPDATE: stack overflow with large names
    - debian/patches/CVE-2016-5116.patch: properly handle names in
      src/gd_xbm.c.
    - CVE-2016-5116
  * SECURITY UPDATE: integer overflow in _gd2GetHeader()
    - debian/patches/CVE-2016-5766.patch: check for overflow in
      src/gd_gd2.c.
    - CVE-2016-5766
  * SECURITY UPDATE: denial of service via invalid color index
    - debian/patches/CVE-2016-6128.patch: check color index in
      src/gd_crop.c, added test to tests/CMakeLists.txt, tests/Makefile.am,
      tests/gdimagecrop/php_bug_72494.c.
    - CVE-2016-6128
  * SECURITY UPDATE: out of bounds read of masks array
    - debian/patches/CVE-2016-6161.patch: properly handle EOF marker in
      src/gd_gif_out.c.
    - CVE-2016-6161

 -- Marc Deslauriers <email address hidden>  Fri, 08 Jul 2016 14:41:51 -0400

CVE-2013-7456: Fixed memory overrun bug in gdImageScaleTwoPass
CVE-2016-5116: xbm: avoid stack overflow (read) with large names
CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow
CVE-2016-6128: Invalid color index is not properly handled leading to denial of service

libgd2 (2.1.0-3ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted color table in XPM file
    - debian/patches/CVE-2014-2497.patch: avoid null-pointer dereference in
      src/gdxpm.c.
    - CVE-2014-2497
  * SECURITY UPDATE: denial of service via crafted GIF image
    - debian/patches/CVE-2014-9709-1.patch: fix buffer read overflow in
      src/gd_gif_in.c.
    - debian/patches/CVE-2014-9709-2.patch: move overflow test outside the
      loop in src/gd_gif_in.c.
    - CVE-2014-9709
  * SECURITY UPDATE: denial of service via crafted imagefilltoborder call
    - debian/patches/CVE-2015-8874.patch: add limits to src/gd.c.
    - CVE-2015-8874
  * SECURITY UPDATE: denial of service via memleak in gdImageScaleTwoPass
    - debian/patches/CVE-2015-8877.patch: use gdImageDestroy in
      src/gd_interpolation.c.
    - CVE-2015-8877
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted compressed gd2 data
    - debian/patches/CVE-2016-3074.patch: perform range checking in
      src/gd_gd2.c.
    - CVE-2016-3074

 -- Marc Deslauriers <email address hidden>  Thu, 26 May 2016 09:29:04 -0400

CVE-2014-2497: The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL
CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a
CVE-2015-8874: Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
CVE-2015-8877: The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses incons
CVE-2016-3074: Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potential