CVE-2014-9709: libgd / gd-libgd - 47eb44b

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

committed 47eb44b 2014-12-13

Fix possible buffer read overflow
detected by -fsanitize=address, thanks to Jan Bee

Files changed (1)

  • +9 -2

    M src/gd_gif_in.c

File src/gd_gif_in.c Modified

#define STACK_SIZE ((1<<(MAX_LWZ_BITS))*2)

+#define CSD_BUF_SIZE 280

- unsigned char buf[280];

  • unsigned char buf[CSD_BUF_SIZE];

    for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) {

- ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j;

  •   if (i < CSD\_BUF\_SIZE \* 8) {
    
  •       ret |= ((scd->buf\[i / 8\] & (1 << (i % 8))) != 0) << j;
    

    scd->curbit += code_size;
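
Review bot: The bounds test sits inside the loop, at `if (i < CSD_BUF_SIZE * 8)`, so an out-of-range read is skipped silently instead of being rejected: `ret` is assembled with the missing bits left as zero, and `scd->curbit += code_size` still advances the cursor past the end of the buffer. Consider testing once before the loop, for example `if (scd->curbit + code_size > CSD_BUF_SIZE * 8)`, and taking an error path there, so a partially built code is never used and `curbit` stays in range. Because the limit is the declared capacity of `buf`, the test only keeps the read inside the array. Minor: the macro is spelled `CSD_BUF_SIZE` while the state pointer is `scd`, and a short comment on what the 280 bytes are sized for would help the next reader.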
