{"id":"JLSEC-2026-360","details":"read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.","modified":"2026-04-30T12:00:06.694455Z","published":"2026-04-30T11:53:44.984Z","upstream":["CVE-2021-38115"],"database_specific":{"sources":[{"published":"2021-08-04T21:15:08.170Z","id":"CVE-2021-38115","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-38115","imported":"2026-04-30T08:55:18.236Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38115","modified":"2024-11-21T06:16:25.407Z","database_specific":{"status":"Modified"}}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/libgd/libgd/issues/697"},{"type":"WEB","url":"https://github.com/libgd/libgd/issues/697"},{"type":"WEB","url":"https://github.com/libgd/libgd/pull/711/commits/8b111b2b4a4842179be66db68d84dda91a246032"},{"type":"WEB","url":"https://github.com/libgd/libgd/pull/711/commits/8b111b2b4a4842179be66db68d84dda91a246032"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html"}],"affected":[{"package":{"name":"LibGD_jll","ecosystem":"Julia","purl":"pkg:julia/LibGD_jll?uuid=16339573-6216-525a-b38f-30b6f6b71b5f"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.3.3+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-360.json"}}],"schema_version":"1.7.5"}