CVE-2017-6363

Updated: 2024-11-30 04:06:51.160243

Description:

In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"



Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5.8 |
| CVSS Version 3.x | HIGH | 8.1 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | gd | 2.0.35 | 8.1 | HIGH | Released | CLSA-2021:1635439636 | 2022-05-05 12:02:12 | |
| CloudLinux 6 ELS | gd | 2.0.35 | 8.1 | HIGH | Released | | 2021-11-02 21:02:48 | |
| Oracle Linux 6 ELS | gd | 2.0.35 | 8.1 | HIGH | Released | CLSA-2021:1634919016 | 2021-11-02 21:02:48 | |
| Ubuntu 16.04 ELS | gd | 2.1.1 | 8.1 | HIGH | Released | CLSA-2021:1635459219 | 2021-11-02 21:02:48 | |