CVE-2021-40145

Updated: 2024-11-30 03:59:02.395674

Description:

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes."


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| Version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | gd | 2.0.35 | 7.5 | HIGH | Released | CLSA-2021:1635439636 | 2022-05-05 12:02:12 | |
| CentOS 8.4 ELS | gd | 2.2.5 | 7.5 | HIGH | Released | CLSA-2022:1644931813 | 2022-02-15 14:48:27 | |
| CentOS 8.5 ELS | gd | 2.2.5 | 7.5 | HIGH | Released | CLSA-2022:1646915745 | 2022-03-10 08:59:27 | |
| CloudLinux 6 ELS | gd | 2.0.35 | 7.5 | HIGH | Released | | 2021-12-09 07:57:03 | |
| Oracle Linux 6 ELS | gd | 2.0.35 | 7.5 | HIGH | Released | CLSA-2021:1634919016 | 2021-12-09 07:57:03 | |
| Ubuntu 16.04 ELS | gd | 2.1.1 | 7.5 | HIGH | Released | CLSA-2021:1635459219 | 2021-12-09 07:57:03 | |
| Ubuntu 18.04 ELS | gd | 2.2.5 | 7.5 | HIGH | Already Fixed | | 2023-06-29 14:06:31 | |