CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.022 Low (Percentile 89.3%)

Libgd version 2.2.5 contains a double free vulnerability in the
gdImageBmpPtr function that can result in remote code execution. This
attack appears to be exploitable via a specially crafted JPEG image that can
trigger a double free. This vulnerability appears to have been fixed after
commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.

Author | Note |
---|---|
mdeslaur | php uses the system libgd2 |
leosilva | code not present in precise/esm |
github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
github.com/libgd/libgd/issues/447
launchpad.net/bugs/cve/CVE-2018-1000222
nvd.nist.gov/vuln/detail/CVE-2018-1000222
security-tracker.debian.org/tracker/CVE-2018-1000222
ubuntu.com/security/notices/USN-3755-1
www.cve.org/CVERecord?id=CVE-2018-1000222