PT-2017-2400 · Gd+3 · Gd Graphics Library+3

Ibrahim El-Sayed

Published

2017-01-26

Updated

2024-06-15

CVE-2016-6912

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GD Graphics Library versions prior to 2.2.4

Description The issue is related to a double free vulnerability in the gdImageWebPtr function of the GD Graphics Library. This vulnerability can be exploited by a remote attacker using large width and height values, potentially allowing for unspecified impact.

Recommendations For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of large width and height values in the gdImageWebPtr function until a patch is available.

Fix

DoS

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2017-01603

CVE-2016-6912

DSA-3777-1

MGASA-2017-0055

OPENSUSE-SU-2024:10777-1

SUSE-SU-2017:0468-1

USN-3213-1

Affected Products

Fortios

Gd Graphics Library

Suse

Ubuntu

PT-2017-2400 · Gd+3 · Gd Graphics Library+3

CVE-2016-6912

Weakness Enumeration

Related Identifiers

Affected Products

References · 54