CVE-2018-14553

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

References

https://bugzilla.redhat.com/show_bug.cgi?id=1599032

https://github.com/libgd/libgd/pull/580

https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f

https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/

https://usn.ubuntu.com/4316-2/

https://usn.ubuntu.com/4316-1/

Details

Source: MITRE

Published: 2020-02-11

Updated: 2021-12-30

Type: CWE-476

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
147709NewStart CGSL MAIN 6.02 : gd Multiple Vulnerabilities (NS-SA-2021-0066)NessusNewStart CGSL Local Security Checks
critical
145893CentOS 8 : gd (CESA-2020:4659)NessusCentOS Local Security Checks
critical
143083RHEL 8 : gd (RHSA-2020:4659)NessusRed Hat Local Security Checks
critical
142777Oracle Linux 8 : gd (ELSA-2020-4659)NessusOracle Linux Local Security Checks
critical
140004EulerOS Virtualization for ARM 64 3.0.6.0 : gd (EulerOS-SA-2020-1901)NessusHuawei Local Security Checks
high
139132EulerOS 2.0 SP8 : gd (EulerOS-SA-2020-1802)NessusHuawei Local Security Checks
high
138256SUSE SLED15 / SLES15 Security Update : gd (SUSE-SU-2020:0594-2)NessusSuSE Local Security Checks
medium
134850Slackware 14.2 / current : gd (SSA:2020-083-01)NessusSlackware Local Security Checks
critical
134422Photon OS 2.0: Libgd PHSA-2020-2.0-0213NessusPhotonOS Local Security Checks
high
134398openSUSE Security Update : gd (openSUSE-2020-332)NessusSuSE Local Security Checks
medium
134366SUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2020:0623-1)NessusSuSE Local Security Checks
medium
134297SUSE SLED15 / SLES15 Security Update : gd (SUSE-SU-2020:0594-1)NessusSuSE Local Security Checks
medium
134210Photon OS 3.0: Libgd PHSA-2020-3.0-0063NessusPhotonOS Local Security Checks
high
133730Debian DLA-2106-1 : libgd2 security updateNessusDebian Local Security Checks
high