{"id":"CVE-2018-14553","details":"gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).","modified":"2026-04-16T04:36:34.488540173Z","published":"2020-02-11T13:15:11.197Z","related":["ALSA-2020:4659","SUSE-SU-2020:0594-1","SUSE-SU-2020:0594-2","SUSE-SU-2020:0623-1","openSUSE-SU-2020:0332-1","openSUSE-SU-2024:10777-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html"},{"type":"ADVISORY","url":"https://github.com/libgd/libgd/pull/580"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4316-2/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4316-1/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599032"},{"type":"FIX","url":"https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libgd/libgd","events":[{"introduced":"2912c0a2e0a246318f41bf1997f34ce1dc3e5e42"},{"last_affected":"8255231b68889597d04d451a72438ab92a405aba"},{"introduced":"0"},{"last_affected":"9f0a7e7f4f0fb16d1d7936f2837a2559237edde9"},{"introduced":"0"},{"last_affected":"3ba6e6c857a96d06be2128fec2843b8962aa6757"},{"fixed":"a93eac0e843148dc2d631c3ba80af17e9c8c860f"}],"database_specific":{"versions":[{"introduced":"2.1.1"},{"last_affected":"2.2.5"},{"introduced":"0"},{"last_affected":"2.1.0-NA"},{"introduced":"0"},{"last_affected":"2.1.0-rc2"}]}}],"versions":["GD_1_3_0","GD_1_4_0","GD_1_5_0","GD_1_6_0","GD_1_6_1","GD_1_6_2","GD_1_6_3","GD_1_7_0","GD_1_7_1","GD_1_7_2","GD_1_7_3","GD_1_8_0","GD_1_8_1","GD_1_8_3","GD_1_8_4","GD_2_0_0","GD_2_0_1","GD_2_0_10","GD_2_0_11","GD_2_0_12","GD_2_0_13","GD_2_0_14","GD_2_0_15","GD_2_0_17","GD_2_0_18","GD_2_0_19","GD_2_0_2","GD_2_0_20","GD_2_0_21","GD_2_0_22","GD_2_0_23","GD_2_0_24","GD_2_0_25","GD_2_0_26","GD_2_0_27","GD_2_0_28","GD_2_0_29","GD_2_0_3","GD_2_0_30","GD_2_0_31","GD_2_0_32","GD_2_0_33","GD_2_0_34RC1","GD_2_0_4","GD_2_0_5","GD_2_0_6","GD_2_0_7","GD_2_0_8","GD_2_0_9","gd-2.1.0","gd-2.1.0-alpha1","gd-2.1.0-rc1","gd-2.1.0-rc2","gd-2.1.1","gd-2.2.0","gd-2.2.1","gd-2.2.2","gd-2.2.3","gd-2.2.4","gd-2.2.5"],"database_specific":{"vanir_signatures_modified":"2026-04-11T12:27:29Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14553.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["101596286683791141158940098408006981970","57027709968180314751806798402433430148","219751563406889302728145834431736606265","269005566747141311857741952118440894727","7920834115374501717266888308718827631","114995183731647994804863226759030143018","137350249030089037543778813862820402485","314141834951349117205344496345660421666","60860856782584586368952408655708045654","22725740368233869882587282633583529125","240501142895742632411135257526459398233","181974805664716321179466111885354045082","73748466374182154486630270515923290986","126852781156425569605314939158155997220"]},"target":{"file":"src/gd.c"},"deprecated":false,"source":"https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f","id":"CVE-2018-14553-6de27c33","signature_type":"Line","signature_version":"v1"},{"target":{"function":"gdImageClone","file":"src/gd.c"},"digest":{"function_hash":"129339956977801164261072113179957572465","length":2608},"deprecated":false,"source":"https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f","id":"CVE-2018-14553-c9b36c9d","signature_type":"Function","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}