Double Free

Affecting libgd2 package, versions <2.1.0-5+deb8u11

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

Overview

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

References

CVSS Score

7.5
high severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    None
  • Integrity
    None
  • Availability
    High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE
CVE-2017-6362
CWE
CWE-415
Snyk ID
SNYK-DEBIAN8-LIBGD2-383076
Disclosed
07 Sep, 2017
Published
07 Sep, 2017