Christoph M. Becker

7 exploits Active since Sep 2016
CVE-2016-6906 WRITEUP MEDIUM WRITEUP
libgd < 2.2.4 - Denial of Service via Crafted TGA File Decompression
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.
CVSS 5.5
CVE-2016-9317 WRITEUP MEDIUM WRITEUP
libgd < 2.2.4 - Denial of Service via Oversized Image
The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.
CVSS 5.5
CVE-2016-7568 WRITEUP CRITICAL WRITEUP
libgd < 2.2.3 - Integer Overflow in gdImageWebpCtx
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
CVSS 9.8
CVE-2016-8670 WRITEUP CRITICAL WRITEUP
libgd < 2.2.3 - Stack-Based Buffer Overflow via Image Creation
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
CVSS 9.8
CVE-2016-9933 WRITEUP HIGH WRITEUP
libgd - Denial of Service via Negative Color Value in gdImageFillToBorder
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
CVSS 7.5
CVE-2019-6978 WRITEUP CRITICAL WRITEUP
libgd 2.2.5 - Use-After-Free in gdImage*Ptr Functions
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
CVSS 9.8
CVE-2019-6978 WRITEUP CRITICAL WRITEUP
libgd 2.2.5 - Use-After-Free in gdImage*Ptr Functions
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
CVSS 9.8