CVE-2016-6912
Published: 26 January 2017
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
libgd2 | precise | Not vulnerable (code not present) |
libgd2 | trusty | Released (2.1.0-3ubuntu0.6) |
libgd2 | upstream | Released (2.2.4-1) |
libgd2 | xenial | Released (2.1.1-4ubuntu0.16.04.6) |
libgd2 | yakkety | Released (2.2.1-1ubuntu3.3) |
php5 | precise | Not vulnerable (uses system gd) |
php5 | trusty | Not vulnerable (uses system gd) |
php5 | upstream | Needs triage |
php5 | xenial | Does not exist |
php5 | yakkety | Does not exist |
php7.0 | precise | Does not exist |
php7.0 | trusty | Does not exist |
php7.0 | upstream | Needs triage |
php7.0 | xenial | Not vulnerable (uses system gd) |
php7.0 | yakkety | Not vulnerable (uses system gd) |
Notes
Author | Note |
---|---|
mdeslaur | php uses the system libgd2 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912
- https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md
- https://ubuntu.com/security/notices/USN-3213-1
- NVD
- Launchpad
- Debian