Your submission was sent successfully! Close

CVE-2021-40812

Published: 8 September 2021

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
libgd2
Launchpad, Ubuntu, Debian
bionic Deferred
(2021-11-08)
focal Deferred
(2021-11-08)
hirsute Ignored
(reached end-of-life)
impish Deferred
(2021-11-08)
jammy Deferred
(2021-11-08)
trusty Deferred
(2021-11-08)
upstream Needs triage

xenial Deferred
(2021-11-08)
Patches:
upstream: https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9 (partial fix)
php5
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Not vulnerable
(uses system gd)
upstream Needs triage

xenial Does not exist

php7.0
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(uses system gd)
php7.2
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system gd)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

php7.3
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

Notes

AuthorNote
mdeslaur
php uses the system libgd2
leosilva
the fix proposed is a partial one that address BMP and WebP
but not GIF.
no complete fix available from upstream as of 2021-11-08

References