PT-2021-7338 · Unknown+4 · Gd Graphics Library+4

Meweez · Published 2021-05-26 · Updated 2025-12-16 · CVE-2021-40145

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

GD Graphics Library (aka LibGD) versions through 2.3.2

Description

The issue is a double free in the gdImageGd2Ptr function in gd_gd2.c in the GD Graphics Library. A remote attacker can exploit it to cause a denial of service. The vendor notes that the GD2 image format is proprietary and should be considered obsolete, used only for development and testing purposes.

Recommendations

For versions through 2.3.2, update to a version in which this issue is fixed, if one is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict the use of the gdImageGd2Ptr function in gd_gd2.c to minimize the risk of exploitation. Because no fix version is specified, and given the vendor's stance on the GD2 image format, follow best practices for secure development and testing.

Exploit

Double Free

Weakness Enumeration

Related Identifiers

AZL-6432
BDU:2022-05715
CVE-2021-40145
DLA-4411-1
MGASA-2021-0433
OESA-2022-1613
USN-5068-1

Affected Products

Astra Linux
Debian
Gd Graphics Library
Linuxmint
Ubuntu