CVE-2016-6912

critical

Description

Double free vulnerability in the gdImageWebpPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

References

http://www.debian.org/security/2017/dsa-3777

http://www.securityfocus.com/bid/95843

https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md

https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2

Details

Source: MITRE

Published: 2017-01-26

Updated: 2017-11-04

Type: CWE-415

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL