USN-7112-1: GD Graphics Library vulnerability

Releases

• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• libgd2 - GD Graphics Library

Details

It was discovered that the GD Graphics Library did not perform proper
bounds checking while handling BMP and WebP files. If a user were tricked
into opening a specially crafted file, an attacker could possibly use
this issue to cause a denial of service (application crash).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04

• libgd-dev - 2.3.0-2ubuntu2.3
• libgd-tools - 2.3.0-2ubuntu2.3
• libgd3 - 2.3.0-2ubuntu2.3

Ubuntu 20.04

• libgd-dev - 2.2.5-5.2ubuntu2.4
• libgd-tools - 2.2.5-5.2ubuntu2.4
• libgd3 - 2.2.5-5.2ubuntu2.4

Ubuntu 18.04

• libgd-dev - 2.2.5-4ubuntu0.5+esm3
  Available with Ubuntu Pro
• libgd-tools - 2.2.5-4ubuntu0.5+esm3
  Available with Ubuntu Pro
• libgd3 - 2.2.5-4ubuntu0.5+esm3
  Available with Ubuntu Pro

Ubuntu 16.04

• libgd-dev - 2.1.1-4ubuntu0.16.04.12+esm4
  Available with Ubuntu Pro
• libgd-tools - 2.1.1-4ubuntu0.16.04.12+esm4
  Available with Ubuntu Pro
• libgd3 - 2.1.1-4ubuntu0.16.04.12+esm4
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

• CVE-2021-40812