{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/vex/2021/cve-2021-40812-els_os-rhel7els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-06-13T02:53:45Z",
      "generator": {
        "date": "2026-06-13T02:53:45Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2021-40812-ELS_OS-RHEL7ELS",
      "initial_release_date": "2021-09-08T21:15:00Z",
      "revision_history": [
        {
          "date": "2021-09-08T21:15:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-13T02:53:45Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "Security update on CVE-2021-40812"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux 7",
                "product": {
                  "name": "Red Hat Enterprise Linux 7",
                  "product_id": "Red-Hat-7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gd-devel-0:2.0.35-27.el7_9.x86_64",
                "product": {
                  "name": "gd-devel-0:2.0.35-27.el7_9.x86_64",
                  "product_id": "gd-devel-0:2.0.35-27.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gd-devel@2.0.35-27.el7_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gd-progs-0:2.0.35-27.el7_9.x86_64",
                "product": {
                  "name": "gd-progs-0:2.0.35-27.el7_9.x86_64",
                  "product_id": "gd-progs-0:2.0.35-27.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gd-progs@2.0.35-27.el7_9?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gd-0:2.0.35-27.el7_9.x86_64",
                "product": {
                  "name": "gd-0:2.0.35-27.el7_9.x86_64",
                  "product_id": "gd-0:2.0.35-27.el7_9.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gd@2.0.35-27.el7_9?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gd-devel-0:2.0.35-27.el7_9.i686",
                "product": {
                  "name": "gd-devel-0:2.0.35-27.el7_9.i686",
                  "product_id": "gd-devel-0:2.0.35-27.el7_9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gd-devel@2.0.35-27.el7_9?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gd-0:2.0.35-27.el7_9.i686",
                "product": {
                  "name": "gd-0:2.0.35-27.el7_9.i686",
                  "product_id": "gd-0:2.0.35-27.el7_9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gd@2.0.35-27.el7_9?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
                "product": {
                  "name": "gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
                  "product_id": "gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/gd-devel@2.0.35-27.el7_9.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gd-progs-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
                "product": {
                  "name": "gd-progs-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
                  "product_id": "gd-progs-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/gd-progs@2.0.35-27.el7_9.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gd-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
                "product": {
                  "name": "gd-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
                  "product_id": "gd-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/gd@2.0.35-27.el7_9.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.i686",
                "product": {
                  "name": "gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.i686",
                  "product_id": "gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/gd-devel@2.0.35-27.el7_9.tuxcare.els1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gd-0:2.0.35-27.el7_9.tuxcare.els1.i686",
                "product": {
                  "name": "gd-0:2.0.35-27.el7_9.tuxcare.els1.i686",
                  "product_id": "gd-0:2.0.35-27.el7_9.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/gd@2.0.35-27.el7_9.tuxcare.els1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.x86_64"
        },
        "product_reference": "gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gd-devel-0:2.0.35-27.el7_9.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.x86_64"
        },
        "product_reference": "gd-devel-0:2.0.35-27.el7_9.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.i686 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.i686"
        },
        "product_reference": "gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.i686",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gd-devel-0:2.0.35-27.el7_9.i686 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.i686"
        },
        "product_reference": "gd-devel-0:2.0.35-27.el7_9.i686",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gd-progs-0:2.0.35-27.el7_9.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:gd-progs-0:2.0.35-27.el7_9.tuxcare.els1.x86_64"
        },
        "product_reference": "gd-progs-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gd-progs-0:2.0.35-27.el7_9.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:gd-progs-0:2.0.35-27.el7_9.x86_64"
        },
        "product_reference": "gd-progs-0:2.0.35-27.el7_9.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gd-0:2.0.35-27.el7_9.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:gd-0:2.0.35-27.el7_9.tuxcare.els1.x86_64"
        },
        "product_reference": "gd-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gd-0:2.0.35-27.el7_9.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:gd-0:2.0.35-27.el7_9.x86_64"
        },
        "product_reference": "gd-0:2.0.35-27.el7_9.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gd-0:2.0.35-27.el7_9.tuxcare.els1.i686 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:gd-0:2.0.35-27.el7_9.tuxcare.els1.i686"
        },
        "product_reference": "gd-0:2.0.35-27.el7_9.tuxcare.els1.i686",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gd-0:2.0.35-27.el7_9.i686 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:gd-0:2.0.35-27.el7_9.i686"
        },
        "product_reference": "gd-0:2.0.35-27.el7_9.i686",
        "relates_to_product_reference": "Red-Hat-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-40812",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "Red-Hat-7:gd-0:2.0.35-27.el7_9.i686",
          "Red-Hat-7:gd-0:2.0.35-27.el7_9.tuxcare.els1.i686",
          "Red-Hat-7:gd-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
          "Red-Hat-7:gd-0:2.0.35-27.el7_9.x86_64",
          "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.i686",
          "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.i686",
          "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
          "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.x86_64",
          "Red-Hat-7:gd-progs-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
          "Red-Hat-7:gd-progs-0:2.0.35-27.el7_9.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2021-40812"
        },
        {
          "category": "external",
          "summary": "https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9",
          "url": "https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9"
        },
        {
          "category": "external",
          "summary": "https://github.com/libgd/libgd/issues/750#issuecomment-914872385",
          "url": "https://github.com/libgd/libgd/issues/750#issuecomment-914872385"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html"
        }
      ],
      "release_date": "2021-09-08T21:15:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "date": "2026-06-12T13:07:22.978798Z",
          "details": "This issue is an out‑of‑bounds read in LibGD ≤ 2.3.2 that is triggered only when an application using the library opens attacker‑supplied image data (user interaction required); the effect is limited to denial of service, with no confidentiality or integrity impact. LibGD is not itself a network‑facing service: exploitation requires a specific application code path that decodes untrusted images through the affected gdGetBuf/gdPutBuf calls, so environments that do not ingest such content through LibGD are not exposed. Given the DoS‑only outcome and the need for a crafted file to be processed, it is reasonable to deprioritize this issue in typical server/VM deployments. Systems that do decode untrusted images with LibGD remain affected, since no fix is planned for the listed packages.",
          "product_ids": [
            "Red-Hat-7:gd-0:2.0.35-27.el7_9.i686",
            "Red-Hat-7:gd-0:2.0.35-27.el7_9.tuxcare.els1.i686",
            "Red-Hat-7:gd-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
            "Red-Hat-7:gd-0:2.0.35-27.el7_9.x86_64",
            "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.i686",
            "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.i686",
            "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
            "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.x86_64",
            "Red-Hat-7:gd-progs-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
            "Red-Hat-7:gd-progs-0:2.0.35-27.el7_9.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red-Hat-7:gd-0:2.0.35-27.el7_9.i686",
            "Red-Hat-7:gd-0:2.0.35-27.el7_9.tuxcare.els1.i686",
            "Red-Hat-7:gd-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
            "Red-Hat-7:gd-0:2.0.35-27.el7_9.x86_64",
            "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.i686",
            "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.i686",
            "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
            "Red-Hat-7:gd-devel-0:2.0.35-27.el7_9.x86_64",
            "Red-Hat-7:gd-progs-0:2.0.35-27.el7_9.tuxcare.els1.x86_64",
            "Red-Hat-7:gd-progs-0:2.0.35-27.el7_9.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}