Lintian reports
9 warnings
about this package. You should make the package lintian clean getting rid of them.
Standards version of the package is outdated.
high
The package is severely out of date with respect to the Debian Policy.The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.2.1 instead of
3.9.3).
CVE-2018-5711: gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
CVE-2018-1000222: Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/libg/libgd2.png){kind=link}