9.8

CVE-2016-6912

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibgdLibgd Version <= 2.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.45% 0.902
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md
Patch
Release Notes
http://www.debian.org/security/2017/dsa-3777
http://www.securityfocus.com/bid/95843
https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
Patch
Vendor Advisory