Description
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
References (4)
Core References
Patch, Release Notes (x_refsource_confirm): https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2017/dsa-3777
Patch, Vendor Advisory (x_refsource_confirm): https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/95843
Scores
CVSS v3: 9.8
EPSS: 0.0445
EPSS Percentile: 90.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-415
Status: published
Products (1)
libgd/libgd: < 2.2.3
Published: Jan 26, 2017
Tracked Since: Feb 18, 2026