CVE-2016-6912

critical

Description

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

References

https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2

https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md

http://www.securityfocus.com/bid/95843

http://www.debian.org/security/2017/dsa-3777

Details

Source: Mitre, NVD

Published: 2017-01-26

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical