
Bug 812482 (CVE-2021-40812)

Summary: media-libs/gd: OOB read (CVE-2021-40812)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: minor
CC: codec
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/libgd/libgd/issues/750#issuecomment-914872385
Whiteboard: B4 [upstream/ebuild]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-10 19:24:05 UTC
CVE-2021-40812 (https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9):

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-13 02:30:41 UTC
Seems like we have a partial fix in the first issue, new issue: https://github.com/libgd/libgd/issues/757