{"id":"UBUNTU-CVE-2017-6363","details":"In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says \"In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'\"","modified":"2026-04-22T11:29:10.683252Z","published":"2020-02-27T05:15:00Z","related":["USN-5068-1"],"upstream":["CVE-2017-6363"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-6363"},{"type":"REPORT","url":"https://github.com/libgd/libgd/commit/0be86e1926939a98afbd2f3a23c673dfc4df2a7c"},{"type":"REPORT","url":"https://github.com/libgd/libgd/commit/2dbd8f6e66b73ed43d9b81a45350922b80f75397"},{"type":"REPORT","url":"https://github.com/libgd/libgd/issues/383"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5068-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-6363"}],"affected":[{"package":{"name":"libgd2","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/libgd2@2.1.0-3ubuntu0.11+esm2?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-3ubuntu0.11+esm2"}]}],"versions":["2.1.0-2","2.1.0-3","2.1.0-3ubuntu0.1","2.1.0-3ubuntu0.2","2.1.0-3ubuntu0.3","2.1.0-3ubuntu0.5","2.1.0-3ubuntu0.6","2.1.0-3ubuntu0.7","2.1.0-3ubuntu0.8","2.1.0-3ubuntu0.10","2.1.0-3ubuntu0.11","2.1.0-3ubuntu0.11+esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): 
https://ubuntu.com/pro","binaries":[{"binary_name":"libgd-tools","binary_version":"2.1.0-3ubuntu0.11+esm2"},{"binary_name":"libgd3","binary_version":"2.1.0-3ubuntu0.11+esm2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-6363.json"}},{"package":{"name":"libgd2","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/libgd2@2.1.1-4ubuntu0.16.04.12+esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.1-4ubuntu0.16.04.12+esm1"}]}],"versions":["2.1.1-4build1","2.1.1-4build2","2.1.1-4ubuntu0.16.04.1","2.1.1-4ubuntu0.16.04.2","2.1.1-4ubuntu0.16.04.3","2.1.1-4ubuntu0.16.04.5","2.1.1-4ubuntu0.16.04.6","2.1.1-4ubuntu0.16.04.7","2.1.1-4ubuntu0.16.04.8","2.1.1-4ubuntu0.16.04.10","2.1.1-4ubuntu0.16.04.11","2.1.1-4ubuntu0.16.04.12"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"libgd-tools","binary_version":"2.1.1-4ubuntu0.16.04.12+esm1"},{"binary_name":"libgd3","binary_version":"2.1.1-4ubuntu0.16.04.12+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-6363.json"}},{"package":{"name":"libgd2","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/libgd2@2.2.5-4ubuntu0.5?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.5-4ubuntu0.5"}]}],"versions":["2.2.5-3","2.2.5-4","2.2.5-4ubuntu0.2","2.2.5-4ubuntu0.3","2.2.5-4ubuntu0.4"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_name":"libgd-tools","binary_version":"2.2.5-4ubuntu0.5"},{"binary_name":"libgd3","binary_version":"2.2.5-4ubuntu0.5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-6363.json"}},{"package":{"name":"libgd2","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/libgd2@2.2.5-5.2ubuntu2.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.5-5.2ubuntu2.1"}]}],"versions":["2.2.5-5.2","2.2.5-5.2ubuntu2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libgd-tools","binary_version":"2.2.5-5.2ubuntu2.1"},{"binary_name":"libgd3","binary_version":"2.2.5-5.2ubuntu2.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-6363.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}