A vulnerability in GD Graphics Library (libgd) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to a double-free condition that exists in the gdImage*Ptr() functions, as defined in the gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c source code files of the affected software. An attacker could exploit the vulnerability by sending crafted image data that submits malicious input to the targeted system. A successful exploit could trigger a double-free condition, which could result in a complete system compromise.
Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.
The libgd project has confirmed the vulnerability, and software updates are available.