CVE-2021-40145

2021-08-2600:00:00

ubuntu.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

59.1%

JSON

DISPUTED gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka
LibGD) through 2.3.2 has a double free. NOTE: the vendor’s position is “The
GD2 image format is a proprietary image format of libgd. It has to be
regarded as being obsolete, and should only be used for development and
testing purposes.”

Notes

Author	Note
mdeslaur	php uses the system libgd2

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlibgd2< 2.2.5-4ubuntu0.5UNKNOWN
ubuntu20.04noarchlibgd2< 2.2.5-5.2ubuntu2.1UNKNOWN
ubuntu21.04noarchlibgd2< 2.3.0-2ubuntu0.1UNKNOWN
ubuntu21.10noarchlibgd2< 2.3.0-2ubuntu1UNKNOWN
ubuntu22.04noarchlibgd2< 2.3.0-2ubuntu1UNKNOWN
ubuntu14.04noarchlibgd2< 2.1.0-3ubuntu0.11+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchlibgd2< 2.1.1-4ubuntu0.16.04.12+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	libgd2	< 2.2.5-4ubuntu0.5	UNKNOWN
ubuntu	20.04	noarch	libgd2	< 2.2.5-5.2ubuntu2.1	UNKNOWN
ubuntu	21.04	noarch	libgd2	< 2.3.0-2ubuntu0.1	UNKNOWN
ubuntu	21.10	noarch	libgd2	< 2.3.0-2ubuntu1	UNKNOWN
ubuntu	22.04	noarch	libgd2	< 2.3.0-2ubuntu1	UNKNOWN
ubuntu	14.04	noarch	libgd2	< 2.1.0-3ubuntu0.11+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-only	UNKNOWN
ubuntu	16.04	noarch	libgd2	< 2.1.1-4ubuntu0.16.04.12+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only	UNKNOWN