Double Free

Affecting libgd2 package, versions <2.1.0-5+deb8u12

Overview

Libgd version 2.2.5 contains a Double Free vulnerability in the gdImageBmpPtr function that can result in Remote Code Execution. This attack appears to be exploitable via a specially crafted JPEG image that can trigger a double free. This vulnerability appears to have been fixed after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.

CVSS Score

8.8 (high severity)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

  • CVE: CVE-2018-1000222
  • CWE: CWE-415
  • Snyk ID: SNYK-DEBIAN8-LIBGD2-382999
  • Disclosed: 20 Aug, 2018
  • Published: 22 Aug, 2018