{"id":"USN-3389-1","summary":"libgd2 vulnerability","details":"A vulnerability was discovered in the GD Graphics Library (aka libgd),\nas used in PHP: colorMap arrays are not zeroed before use.\nA specially crafted GIF image could use the uninitialized tables to\nread bytes from the top of the stack.\n","modified":"2026-02-10T04:41:11Z","published":"2017-08-14T18:27:06Z","related":["UBUNTU-CVE-2017-7890"],"upstream":["CVE-2017-7890","UBUNTU-CVE-2017-7890"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3389-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-7890"}],"affected":[{"package":{"name":"libgd2","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libgd2@2.1.0-3ubuntu0.7?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-3ubuntu0.7"}]}],"versions":["2.1.0-2","2.1.0-3","2.1.0-3ubuntu0.1","2.1.0-3ubuntu0.2","2.1.0-3ubuntu0.3","2.1.0-3ubuntu0.5","2.1.0-3ubuntu0.6"],"ecosystem_specific":{"binaries":[{"binary_name":"libgd-dev","binary_version":"2.1.0-3ubuntu0.7"},{"binary_name":"libgd-tools","binary_version":"2.1.0-3ubuntu0.7"},{"binary_name":"libgd2-noxpm-dev","binary_version":"2.1.0-3ubuntu0.7"},{"binary_name":"libgd2-xpm-dev","binary_version":"2.1.0-3ubuntu0.7"},{"binary_name":"libgd3","binary_version":"2.1.0-3ubuntu0.7"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-7890"}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3389-1.json"}},{"package":{"name":"libgd2","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/libgd2@2.1.1-4ubuntu0.16.04.7?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.1-4ubuntu0.16.04.7"}]}],"versions":["2.1.1-4build1","2.1.1-4build2","2.1.1-4ubuntu0.16.04.1","2.1.1-4ubuntu0.16.04.2","2.1.1-4ubuntu0.16.04.3","2.1.1-4ubuntu0.16.04.5","2.1.1-4ubuntu0.16.04.6"],"ecosystem_specific":{"binaries":[{"binary_name":"libgd-dev","binary_version":"2.1.1-4ubuntu0.16.04.7"},{"binary_name":"libgd-tools","binary_version":"2.1.1-4ubuntu0.16.04.7"},{"binary_name":"libgd3","binary_version":"2.1.1-4ubuntu0.16.04.7"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-7890"}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3389-1.json"}}],"schema_version":"1.7.3"}