Double free error in GD Graphics Library - CVE-2016-6912
Published: July 19, 2017
Vulnerability identifier: #VU7573
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6912
CWE-ID: CWE-415
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Boutell.Com, Inc.
Affected software:
GD Graphics Library
GD Graphics Library
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.
The vulnerability exists due to double free error when processing large image width and height values in gdImageWebPtr() function in the GD Graphics Library (aka libgd). A remote attacker create a specially crafted image file, trigger double free error and crash the affected application or execute arbitrary code on the target system.
The vulnerability exists due to double free error when processing large image width and height values in gdImageWebPtr() function in the GD Graphics Library (aka libgd). A remote attacker create a specially crafted image file, trigger double free error and crash the affected application or execute arbitrary code on the target system.
How to mitigate CVE-2016-6912
Update to version 2.2.4.