CVE-2021-40145

Published: Aug 26, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.

Affected (1)

Products: Libgd: Libgd

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libgd Libgd	Up to 2.3.2

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (6)

https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/libgd/libgd/issues/700

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/libgd/libgd/pull/713

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/libgd/libgd/issues/700

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/libgd/libgd/pull/713

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.