* DISPUTED * In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "libgd2-xpm-dev": "2.1.0-3ubuntu0.11+esm2", "libgd-dev": "2.1.0-3ubuntu0.11+esm2", "libgd3-dbgsym": "2.1.0-3ubuntu0.11+esm2", "libgd3": "2.1.0-3ubuntu0.11+esm2", "libgd-dbg": "2.1.0-3ubuntu0.11+esm2", "libgd2-noxpm-dev": "2.1.0-3ubuntu0.11+esm2", "libgd-tools": "2.1.0-3ubuntu0.11+esm2", "libgd-tools-dbgsym": "2.1.0-3ubuntu0.11+esm2" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "libgd-dev": "2.1.1-4ubuntu0.16.04.12+esm1", "libgd3-dbgsym": "2.1.1-4ubuntu0.16.04.12+esm1", "libgd3": "2.1.1-4ubuntu0.16.04.12+esm1", "libgd-dbg": "2.1.1-4ubuntu0.16.04.12+esm1", "libgd-dev-dbgsym": "2.1.1-4ubuntu0.16.04.12+esm1", "libgd-tools": "2.1.1-4ubuntu0.16.04.12+esm1", "libgd-tools-dbgsym": "2.1.1-4ubuntu0.16.04.12+esm1" } ] }