CVE-2021-40145Double Free in Libgd

CWE-415Double Free8 documents7 sources
Severity
7.5HIGHNVD
OSV8.1
EPSS
0.4%
top 37.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libgd
Timeline
PublishedAug 26
Latest updateMay 24

Description

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDlibgd/libgd2.3.2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-8rm3-jg2c-hvfh: ** DISPUTED ** gdImageGd2Ptr in gd_gd22022-05-24
OSV
libgd2 vulnerabilities2021-09-08
CVEList
CVE-2021-40145: gdImageGd2Ptr in gd_gd22021-08-26
OSV
CVE-2021-40145: gdImageGd2Ptr in gd_gd22021-08-26

📋Vendor Advisories

3
Ubuntu
GD library vulnerabilities2021-09-08
Microsoft
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to2021-08-10
Debian
CVE-2021-40145: libgd2 - gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 h...2021