CVE-2021-38115

Published: 4 August 2021

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

Notes

Author	Note
mdeslaur	php uses the system libgd2

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
libgd2 Launchpad, Ubuntu, Debian	bionic	Released (2.2.5-4ubuntu0.5)
	focal	Released (2.2.5-5.2ubuntu2.1)
	hirsute	Released (2.3.0-2ubuntu0.1)
	impish	Released (2.3.0-2ubuntu1)
	jammy	Released (2.3.0-2ubuntu1)
	trusty	Released (2.1.0-3ubuntu0.11+esm2)
	upstream	Needs triage
	xenial	Released (2.1.1-4ubuntu0.16.04.12+esm1)
php5 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	trusty	Not vulnerable (uses system gd)
	upstream	Needs triage
	xenial	Does not exist
php7.0 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (uses system gd)
php7.2 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (uses system gd)
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
php7.3 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991912

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›