CVE-2021-40145
Description
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendors position is The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.537
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| gd Security Update (ALAS-2023-2044) gd-2.0.35-27.amzn2.0.1.i686.rpm | Linux |
| gd Security Update (ALAS-2023-2044) gd-2.0.35-27.amzn2.0.1.x86_64.rpm | Linux |
| gd Security Update (ALAS-2023-2044) gd-devel-2.0.35-27.amzn2.0.1.x86_64.rpm | Linux |
| gd Security Update (ALAS-2023-2044) gd-progs-2.0.35-27.amzn2.0.1.x86_64.rpm | Linux |
| gd Security Update (ALAS2-2023-2044) gd-2.0.35-27.amzn2.0.1.i686.rpm | Linux |
| gd Security Update (ALAS2-2023-2044) gd-2.0.35-27.amzn2.0.1.x86_64.rpm | Linux |
| gd Security Update (ALAS2-2023-2044) gd-devel-2.0.35-27.amzn2.0.1.x86_64.rpm | Linux |
| gd Security Update (ALAS2-2023-2044) gd-progs-2.0.35-27.amzn2.0.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234