AVG-2258 log

Package gd
Status Fixed
Severity Medium
Type multiple issues
Affected 2.3.2-4
Fixed 2.3.3-1
Current 2.3.3-8 [extra]
Ticket None
Created Thu Aug 5 08:40:31 2021
Issue | Severity | Remote | Type | Description
CVE-2021-40812 | Medium | Yes | Information disclosure | The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.
CVE-2021-40145 | Medium | Yes | Arbitrary code execution | ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2...
CVE-2021-38115 | Low | Yes | Denial of service | read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read)...