← Back to CVEs

CVE-2021-40145

HIGH

7.5

Description

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.

CVE Details

CVSS v3.1 Score7.5

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published8/26/2021

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

libgd:libgd

Weaknesses (CWE)

CWE-415

References

https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af(cve@mitre.org)

https://github.com/libgd/libgd/issues/700(cve@mitre.org)

https://github.com/libgd/libgd/pull/713(cve@mitre.org)

https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/libgd/libgd/issues/700(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/libgd/libgd/pull/713(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.