ID CVE-2006-2906
Summary The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
References
Vulnerable Configurations
  • cpe:2.3:a:thomas_boutell:graphics_draw_library:2.0.33:*:*:*:*:*:*:*
CVSS
Base: 5.4 (as of 03-10-2018 - 21:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector   Complexity  Authentication
NETWORK  HIGH        NONE
Impact
Confidentiality  Integrity  Availability
NONE             NONE       COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:N/A:C
refmap via4
bid 18294
bugtraq 20060606 libgd 2.0.33 infinite loop in GIF decoding ?
confirm https://issues.rpath.com/browse/RPL-939
debian DSA-1117
mandriva
  • MDKSA-2006:112
  • MDKSA-2006:113
  • MDKSA-2006:122
secunia
  • 20500
  • 20571
  • 20676
  • 20853
  • 20866
  • 20887
  • 21050
  • 21186
  • 23783
sreason 1067
suse SUSE-SA:2006:031
trustix 2006-0038
ubuntu USN-298-1
vupen ADV-2006-2174
xf gdgraphicslibrary-gif-dos(26976)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 03-10-2018 - 21:43
Published 08-06-2006 - 16:06