Search for vulnerabilities
Vulnerability details: VCID-11fp-nddr-aaah
Vulnerability ID VCID-11fp-nddr-aaah
Aliases CVE-2021-40145
Summary gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.
Status Disputed
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-415 Double Free
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-40145.html
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00242 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0041 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
epss 0.01298 https://api.first.org/data/v1/epss?cve=CVE-2021-40145
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40145
generic_textual Medium https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af
generic_textual Medium https://github.com/libgd/libgd/issues/700
generic_textual Medium https://github.com/libgd/libgd/pull/713
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2021-40145
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40145
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40145
archlinux Medium https://security.archlinux.org/AVG-2258
generic_textual Medium https://ubuntu.com/security/notices/USN-5068-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-40145.html
https://api.first.org/data/v1/epss?cve=CVE-2021-40145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40145
https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af
https://github.com/libgd/libgd/issues/700
https://github.com/libgd/libgd/pull/713
https://ubuntu.com/security/notices/USN-5068-1
AVG-2258 https://security.archlinux.org/AVG-2258
cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*
CVE-2021-40145 https://nvd.nist.gov/vuln/detail/CVE-2021-40145
USN-5068-1 https://usn.ubuntu.com/5068-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-40145
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-40145
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-40145
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.58646
EPSS Score 0.00211
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
2025-04-18T11:42:43.039074+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2021-40145 36.0.0