CVE-2016-6912

Published: Jan 26, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

Affected (1)

Products: Libgd: Libgd

Libgd

1 product

Libgd

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libgd Libgd	Up to 2.2.3

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (8)

http://www.debian.org/security/2017/dsa-3777

Source: cve@mitre.org

http://www.securityfocus.com/bid/95843

Source: cve@mitre.org

https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md

Source: cve@mitre.org

PatchRelease Notes

https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2

Source: cve@mitre.org

PatchVendor Advisory

http://www.debian.org/security/2017/dsa-3777

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/95843

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease Notes

https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.