Critical Command Execution Vulnerability in Ubuntu's libgd-perl (USN-8484-1)

A critical vulnerability has been identified in the GD.pm Perl module within Ubuntu systems, allowing attackers to execute arbitrary commands or overwrite files by opening specially crafted files. The flaw arises from improper handling of filename arguments in GD.pm. Affected versions include libgd-perl 2.84-2ubuntu0.1 for Ubuntu 26.04 LTS and earlier versions down to 22.04 LTS. Users are advised to update their systems to mitigate this risk. The vulnerability has been classified under USN-8484-1, and a standard system update will apply the necessary patches. No active exploitation has been reported yet, but the potential for serious damage exists if left unaddressed.

Key Points: • A critical vulnerability in GD.pm allows command execution and file overwriting. • Affected versions include libgd-perl 2.84-2ubuntu0.1 and earlier for multiple Ubuntu LTS releases. • Users are urged to apply updates immediately to mitigate potential risks.