CVE-2021-40145

CVE	CVE-2021-40145
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-08-26 01:15:00 UTC
Updated	2023-11-07 03:38:00 UTC
Description	DISPUTED gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes."

Problem Types: CWE-415

Type	Vendor	Product	Version	Update	Edition	Language
Application	Libgd	Libgd	All	All	All	All

Reference	Source	Link	Tags
gdImageGd2Ptr memory leak by meweez · Pull Request #713 · libgd/libgd · GitHub	MISC	github.com
gdImageGdPtr memory leak · Issue #700 · libgd/libgd · GitHub	MISC	github.com
Merge pull request #713 from me22bee/_gdImageGd2 · libgd/libgd@c5fd25c · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

182137 Debian Security Update for libgd2 (CVE-2021-40145)
198489 Ubuntu Security Notification for GD library Vulnerabilities (USN-5068-1)
296061 Oracle Solaris 11.4 Support Repository Update (SRU) 42.113.1 Missing (CPUJAN2022)
354869 Amazon Linux Security Advisory for gd : ALAS-2023-1721
355098 Amazon Linux Security Advisory for gd : ALAS2-2023-2044
500198 Alpine Linux Security Update for gd
503940 Alpine Linux Security Update for gd
670819 EulerOS Security Update for gd (EulerOS-SA-2021-2708)
670952 EulerOS Security Update for gd (EulerOS-SA-2021-2659)
671020 EulerOS Security Update for gd (EulerOS-SA-2021-2683)
671022 EulerOS Security Update for gd (EulerOS-SA-2021-2630)
671258 EulerOS Security Update for gd (EulerOS-SA-2022-1163)
900385 Common Base Linux Mariner (CBL-Mariner) Security Update for gd (6269)
901126 Common Base Linux Mariner (CBL-Mariner) Security Update for gd (6432-1)