CVE-2018-14553

Published: Feb 11, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=1599032

https://github.com/libgd/libgd/pull/580

https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f

[debian-lts-announce] 20200218 [SECURITY] [DLA 2106-1] libgd2 security update

mailing-list

openSUSE-SU-2020:0332

vendor-advisory

FEDORA-2020-e795f92d79

vendor-advisory

USN-4316-2

vendor-advisory

USN-4316-1

vendor-advisory

[debian-lts-announce] 20240406 [SECURITY] [DLA 3781-1] libgd2 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-14553

Description

Affected Products

References