CVE-2021-40812
Published: 8 September 2021
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.
Priority
Low
CVSS 3 base score: 6.5
Status
| Package | Release | Status |
|---|---|---|
|
libgd2 Launchpad, Ubuntu, Debian |
bionic |
Deferred
(2021-11-08)
|
| focal |
Deferred
(2021-11-08)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Deferred
(2021-11-08)
|
|
| jammy |
Deferred
(2021-11-08)
|
|
| trusty |
Deferred
(2021-11-08)
|
|
| upstream |
Needs triage
|
|
| xenial |
Deferred
(2021-11-08)
|
|
|
Patches: upstream: https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9 (partial fix) |
||
|
php5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Not vulnerable
(uses system gd)
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
php7.0 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system gd)
|
|
|
php7.2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system gd)
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
php7.3 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|