Package "libgd3"
Name: libgd3
Description: GD Graphics Library
Latest version: 2.2.5-5.2ubuntu2.4
Release: focal (20.04)
Level: security
Repository: main
Head package: libgd2
Homepage: http://www.libgd.org/

Changelog
libgd2 (2.2.5-5.2ubuntu2.4) focal-security; urgency=medium
* SECURITY UPDATE: gdGetBuf and gdPutBuf are missing bounds checks,
allowing for out-of-bounds reads.
- debian/patches/CVE-2021-40812.patch: Add bounds checking after gdPutBuf
calls.
- CVE-2021-40812
-- Nicolas Campuzano Jimenez <email address hidden> Wed, 13 Nov 2024 18:40:43 -0500
CVE-2021-40812: The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

libgd2 (2.2.5-5.2ubuntu2.1) focal-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer over-read
- debian/patches/CVE-2017-6363-*.patch: make sure transparent
palette index is within bounds in src/gd_gd.c and add tests in
tests/gd/bug00383.c, tests/gd/CMakeLists.txt, tests/gd/Makemodule.am,
tests/gd2/bug00383.c, tests/gd2/CMakeLists.txt, test/gd2/Makemodule.am.
- CVE-2017-6363
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-38115.patch: fix a read out-of-bounds in
reading tga header file in src/gd_tga.c.
- CVE-2021-38115
* SECURITY UPDATE: Double free
- debian/patches/CVE-2021-40145.patch: fix a memory leak in
src/gd_gd2.c.
- CVE-2021-40145
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 30 Aug 2021 15:10:22 -0300
CVE-2017-6363: ** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the ven
CVE-2021-38115: read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds
CVE-2021-40145: ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The