CVE-2016-6912
Published: 26 January 2017
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
Priority
Medium
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
libgd2 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(code not present)
|
| trusty |
Released
(2.1.0-3ubuntu0.6)
|
|
| upstream |
Released
(2.2.4-1)
|
|
| xenial |
Released
(2.1.1-4ubuntu0.16.04.6)
|
|
| yakkety |
Released
(2.2.1-1ubuntu3.3)
|
|
|
php5 Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(uses system gd)
|
| trusty |
Not vulnerable
(uses system gd)
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
|
php7.0 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system gd)
|
|
| yakkety |
Not vulnerable
(uses system gd)
|
Notes
| Author | Note |
|---|---|
| mdeslaur | php uses the system libgd2 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912
- https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md
- https://ubuntu.com/security/notices/USN-3213-1
- NVD
- Launchpad
- Debian