Do your applications use this vulnerable package?
Test your applications
Overview
** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"
References
CVSS Score
8.1
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionRequired
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityNone
-
AvailabilityHigh
- CVE
- CVE-2017-6363
- CWE
- CWE-125
- Snyk ID
- SNYK-DEBIAN8-LIBGD2-558915
- Disclosed
- 27 Feb, 2020
- Published
- 27 Feb, 2020