CVE-2016-6912
Published: 26 January 2017
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
Notes
| Author | Note |
|---|---|
| mdeslaur | php uses the system libgd2 |
Priority
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
libgd2 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.2.4-1)
|
| precise |
Not vulnerable
(code not present)
|
|
| trusty |
Released
(2.1.0-3ubuntu0.6)
|
|
| xenial |
Released
(2.1.1-4ubuntu0.16.04.6)
|
|
| yakkety |
Released
(2.2.1-1ubuntu3.3)
|
|
|
Patches: upstream: https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2 |
||
|
php5 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| precise |
Not vulnerable
(uses system gd)
|
|
| trusty |
Not vulnerable
(uses system gd)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
|
php7.0 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(uses system gd)
|
|
| yakkety |
Not vulnerable
(uses system gd)
|
|