UbuntuUpdates.org

Package "libgd2"

Name: libgd2

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • GD command line tools and example code

Latest version: 2.0.36~rc1~dfsg-6ubuntu2.6
Release: precise (12.04)
Level: updates
Repository: universe


Other versions of "libgd2" in Precise

Repository  Area      Version
base        main      2.0.36~rc1~dfsg-6ubuntu2
base        universe  2.0.36~rc1~dfsg-6ubuntu2
security    main      2.0.36~rc1~dfsg-6ubuntu2.6
security    universe  2.0.36~rc1~dfsg-6ubuntu2.6
updates     main      2.0.36~rc1~dfsg-6ubuntu2.6


Changelog

Version: 2.0.36~rc1~dfsg-6ubuntu2.6 2021-05-03 15:06:31 UTC

  libgd2 (2.0.36~rc1~dfsg-6ubuntu2.6) precise-security; urgency=medium

  * SECURITY UPDATE: Double-free memory
    - debian/patches/CVE-2017-6362.patch: introduces a static
      helper to check failure or success in gd_png.c.
    - CVE-2017-6362

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 05 Sep 2017 09:24:22 -0300

CVE-2017-6362 Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors relat

Version: 2.0.36~rc1~dfsg-6ubuntu2.4 2017-02-28 20:07:11 UTC

  libgd2 (2.0.36~rc1~dfsg-6ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: DoS vulnerability in gdImageCreateFromGd2Ctx()
    - debian/patches/CVE-2016-10167.patch: properly fail in gd_gd2.c.
    - CVE-2016-10167
  * SECURITY UPDATE: signed integer overflow in gd_io.c
    - debian/patches/CVE-2016-10168.patch: check counts in gd_gd2.c.
    - CVE-2016-10168
  * SECURITY UPDATE: DoS via oversized image
    - debian/patches/CVE-2016-9317.patch: check for oversized images in
      gd.c.
    - CVE-2016-9317
  * SECURITY UPDATE: DoS via stack consumption
    - debian/patches/CVE-2016-9933.patch: check for invalid colors in gd.c.
    - CVE-2016-9933

 -- Marc Deslauriers <email address hidden> Tue, 28 Feb 2017 11:05:46 -0500

CVE-2016-9317 The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via
CVE-2016-9933 Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP befor

Version: 2.0.36~rc1~dfsg-6ubuntu2.3 2016-11-01 20:06:56 UTC

  libgd2 (2.0.36~rc1~dfsg-6ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via invalid read in
    gdImageCreateFromTiffPtr()
    - debian/patches/CVE-2016-6911.patch: check out of bounds reads in
      gd_io_dp.c.
    - CVE-2016-6911
  * SECURITY UPDATE: stack buffer overflow in dynamicGetbuf
    - debian/patches/CVE-2016-8670.patch: avoid potentially dangerous
      signed to unsigned conversion in gd_io_dp.c.
    - CVE-2016-8670

 -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 14:24:19 +0200

CVE-2016-6911 invalid read in gdImageCreateFromTiffPtr()
CVE-2016-8670 Stack Buffer Overflow in GD dynamicGetbuf

Version: 2.0.36~rc1~dfsg-6ubuntu2.2 2016-07-11 20:06:54 UTC

  libgd2 (2.0.36~rc1~dfsg-6ubuntu2.2) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflow in _gd2GetHeader()
    - debian/patches/CVE-2016-5766.patch: check for overflow in gd_gd2.c.
    - CVE-2016-5766
  * SECURITY UPDATE: out of bounds read of masks array
    - debian/patches/CVE-2016-6161.patch: properly handle EOF marker in
      gd_gif_out.c.
    - CVE-2016-6161

 -- Marc Deslauriers <email address hidden> Fri, 08 Jul 2016 14:52:13 -0400

CVE-2016-5766 Integer Overflow in _gd2GetHeader() resulting in heap overflow

Version: 2.0.36~rc1~dfsg-6ubuntu2.1 2016-05-31 18:06:48 UTC

  libgd2 (2.0.36~rc1~dfsg-6ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted color table in XPM file
    - debian/patches/CVE-2014-2497.patch: avoid null-pointer dereference in
      gdxpm.c.
    - CVE-2014-2497
  * SECURITY UPDATE: denial of service via crafted GIF image
    - debian/patches/CVE-2014-9709-1.patch: fix buffer read overflow in
      gd_gif_in.c.
    - debian/patches/CVE-2014-9709-2.patch: move overflow test outside the
      loop in gd_gif_in.c.
    - CVE-2014-9709
  * SECURITY UPDATE: denial of service via crafted imagefilltoborder call
    - debian/patches/CVE-2015-8874.patch: add limits to gd.c.
    - CVE-2015-8874
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted compressed gd2 data
    - debian/patches/CVE-2016-3074.patch: perform range checking in
      gd_gd2.c.
    - CVE-2016-3074

 -- Marc Deslauriers <email address hidden> Thu, 26 May 2016 10:01:57 -0400

CVE-2014-2497 The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL
CVE-2014-9709 The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a
CVE-2015-8874 Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
CVE-2016-3074 Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potential


