php-gd vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the php-gd package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
CVE-2024-9026

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • M
CVE-2024-8927

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • M
CVE-2024-8925

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • M
Insufficient Verification of Data Authenticity

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • M
CVE-2024-3096

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • M
CVE-2024-2756

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • M
Out-of-Bounds

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • M
XML External Entity (XXE) Injection

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • M
Use of Insufficiently Random Values

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • H
Resource Exhaustion

<0:8.0.30-1.module+el8.8.0+1550+d8f1b18f
  • M
Allocation of Resources Without Limits or Throttling

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • M
Use of Password Hash With Insufficient Computational Effort

<0:7.4.33-2.module+el8.10.0+1912+72767185
  • M
Integer Overflow or Wraparound

<0:8.0.27-1.module+el8.7.0+1156+de6c8de9
  • M
CVE-2022-31631

<0:8.0.27-1.module+el8.7.0+1156+de6c8de9
  • M
Out-of-bounds Read

<0:8.0.27-1.module+el8.7.0+1156+de6c8de9
  • M
CVE-2022-31629

<0:8.0.27-1.module+el8.7.0+1156+de6c8de9
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<0:8.0.27-1.module+el8.7.0+1156+de6c8de9
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Use of Uninitialized Resource

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Access Restriction Bypass

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
CVE-2020-7066

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Out-of-bounds Write

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Out-of-bounds Read

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Improper Preservation of Permissions

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
NULL Pointer Dereference

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Out-of-bounds Read

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Out-of-bounds Read

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Out-of-bounds Read

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Out-of-bounds Read

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Out-of-bounds Read

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Uncontrolled Recursion

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
NULL Pointer Dereference

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Use After Free

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Out-of-bounds Read

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Integer Overflow or Wraparound

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Out-of-bounds Read

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Arbitrary Code Injection

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
Out-of-bounds Read

<0:7.2.24-1.module+el8.4.0+413+c9202dda
  • M
NULL Pointer Dereference

<0:7.4.19-1.module+el8.5.0+696+61e7c9ba
  • M
Improper Input Validation

<0:7.4.19-1.module+el8.5.0+696+61e7c9ba
  • M
Reliance on Cookies without Validation and Integrity Checking

<0:7.4.19-1.module+el8.5.0+696+61e7c9ba
  • M
Inadequate Encryption Strength

<0:7.4.19-1.module+el8.5.0+696+61e7c9ba
  • M
Use After Free

<0:7.4.19-1.module+el8.5.0+696+61e7c9ba
  • M
Out-of-bounds Read

<0:7.3.20-1.module+el8.4.0+414+2e7afcdd
  • M
Release of Invalid Pointer or Reference

<0:7.4.19-4.module+el8.6.0+1006+0d5a469f
  • M
Improper Input Validation

<0:7.4.19-2.module+el8.6.0+789+2130c178
  • M
Out-of-bounds Write

<0:7.4.19-2.module+el8.6.0+789+2130c178
  • M
Link Following

<0:7.4.30-1.module+el8.7.0+1067+0a7071cc
  • M
CVE-2021-21707

<0:7.4.30-1.module+el8.7.0+1067+0a7071cc
  • M
Directory Traversal

<0:7.4.19-4.module+el8.6.0+1006+0d5a469f
  • M
Arbitrary Code Injection

<0:7.4.19-4.module+el8.6.0+1006+0d5a469f
  • M
Deserialization of Untrusted Data

<0:7.4.19-4.module+el8.6.0+1006+0d5a469f
  • M
Use After Free

<0:8.0.20-2.module+el8.7.0+1068+7fd2c980
  • H
Buffer Overflow

<0:8.0.13-3.module+el8.6.0+989+3fbff15c