CVE-2021-38115: 
CBL Mariner vulnerability analysis and mitigation

CVE-2021-38115 affects the GD Graphics Library (LibGD) through version 2.3.2. The vulnerability was discovered in the readheadertga function in gd_tga.c, which allows remote attackers to cause a denial of service through an out-of-bounds read when processing crafted TGA files. The vulnerability was disclosed on August 4, 2021 (NVD).

The vulnerability exists in the readheadertga function within gd_tga.c, specifically related to the handling of TGA file headers. The issue occurs when processing the identifier size field of TGA files, where there is insufficient validation of the gdGetBuf return value. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can lead to a denial of service condition through an out-of-bounds read operation. The impact is primarily on the availability of systems processing TGA images using affected versions of LibGD (NVD).

The vulnerability has been fixed in LibGD version 2.3.3. The fix involves adding proper validation checks for the gdGetBuf return value in the readheadertga function. Users are advised to upgrade to version 2.3.3 or later to address this vulnerability (GitHub Patch).