CVE-2017-6363

Published: 2/27/2020 Last updated: 8/5/2024 Reserved: 2/28/2017

In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-gd

Products affected (1)

Product	Vendor	Version
n/a	n/a	< iTunes for Windows 12.10.1

References (2)

https://github.com/libgd/libgd/issues/383
https://github.com/libgd/libgd/issues/383