libgd vulnerabilities and exploits

6.5
MEDIUM
CVE-2019-3921

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially...

NokiaI-240w-q Gpon Ont Firmware
9.3
HIGH
CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new...

7.5
HIGH
CVE-2019-6978

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected....

6.8
MEDIUM
CVE-2019-6977

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an...

10
HIGH
CVE-2018-15982

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution....

NA
CVE-2018-4407

Apple macOS is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Kernel component. By sending specially crafted packets, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges....

NA
CVE-2018-4415

Apple macOS could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption error in the CoreAnimation component. By using a specially-crafted application, an attacker could exploit this vulnerability to gain system privileges....

NA
CVE-2018-5318

Awesome CVE PoC A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of...

NA
CVE-2018-6128

Google Chrome is vulnerable to universal cross-site scripting, caused by improper validation of user-supplied input by Chrome on iOS. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web...

NA
CVE-2018-6177

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From SUSE_CVE-2018-6177: This CVE is addressed in the SUSE advisories openSUSE-SU-2018:2134-1, openSUSE-SU-2018:2135-1....