What is CVE-2021-40812?

CVE-2021-40812 is a vulnerability in the GD Graphics Library (LibGD) that allows for an out-of-bounds read due to the lack of certain return value checks in gdGetBuf and gdPutBuf.

How severe is CVE-2021-40812?

CVE-2021-40812 has a severity rating of 6.5, making it a medium severity vulnerability.

What software is affected by CVE-2021-40812?

The LibGD library version up to and including 2.3.2 is affected by CVE-2021-40812.

What is the Common Weakness Enumeration (CWE) ID for CVE-2021-40812?

The CWE ID for CVE-2021-40812 is CWE-125, which corresponds to Out-of-bounds Read.

How can I mitigate CVE-2021-40812?

To mitigate CVE-2021-40812, it is recommended to update LibGD to a version that includes the fix, such as version 2.3.3 or later.

Vulnerability/
CVE-2021-40812

medium

6.5

CWE

125

8/9/2021

29/10/2024

CVE-2021-40812

First published: Wed Sep 08 2021(Updated: )

Last updated 15 November 2024

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Libgd Libgd	<=2.3.2
debian/libgd2	<=2.3.0-2	2.3.3-9 2.3.3-12

Remedy

https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9

Remedy

https://github.com/libgd/libgd/issues/750#issuecomment-914872385

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-40812?
CVE-2021-40812 is a vulnerability in the GD Graphics Library (LibGD) that allows for an out-of-bounds read due to the lack of certain return value checks in gdGetBuf and gdPutBuf.
How severe is CVE-2021-40812?
CVE-2021-40812 has a severity rating of 6.5, making it a medium severity vulnerability.
What software is affected by CVE-2021-40812?
The LibGD library version up to and including 2.3.2 is affected by CVE-2021-40812.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-40812?
The CWE ID for CVE-2021-40812 is CWE-125, which corresponds to Out-of-bounds Read.
How can I mitigate CVE-2021-40812?
To mitigate CVE-2021-40812, it is recommended to update LibGD to a version that includes the fix, such as version 2.3.3 or later.

collector/nvd-index
agent/type
agent/remedy
agent/severity
agent/weakness
agent/first-publish-date
agent/author
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/references
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/tags
collector/usn-cve
source/Ubuntu
agent/description
agent/event
collector/nvd-cve
vendor/libgd
canonical/libgd libgd
version/libgd libgd/2.3.2
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.