6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-40812

CVE-2021-40812: The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack...

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2021-40812

CVE-2021-40812:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability (CVE-2021-40812) description states that it's an out-of-bounds read due to the lack of return value checks for gdGetBuf and gdPutBuf. The provided commit 6f5136821be86e7068fcdf651ae9420b5d42e9a9 specifically addresses this issue by adding return value checks for gdPutBuf within the functions _gdImageBmpCtx in src/gd_bmp.c and _gdImageWebpCtx in src/gd_webp.c. Before this patch, these functions used gdPutBuf without verifying if the write operation was successful and complete. This omission could lead to situations where less data was written than expected, and subsequent reads from the affected buffer (assuming it was fully written) could go out of bounds. Therefore, these two functions are identified as vulnerable in their pre-patch state.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2021-40812: The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack...

CVE-2021-40812:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2021-40812: The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack...

6.5

6.5

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI