| ID |
CVE-2006-2906
|
| Summary |
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 5.4 (as of 03-10-2018 - 21:43) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
HIGH |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:H/Au:N/C:N/I:N/A:C
|
| refmap
via4
|
| bid | 18294 | | bugtraq | 20060606 libgd 2.0.33 infinite loop in GIF decoding ? | | confirm | https://issues.rpath.com/browse/RPL-939 | | debian | DSA-1117 | | mandriva | - MDKSA-2006:112
- MDKSA-2006:113
- MDKSA-2006:122
| | secunia | - 20500
- 20571
- 20676
- 20853
- 20866
- 20887
- 21050
- 21186
- 23783
| | sreason | 1067 | | suse | SUSE-SA:2006:031 | | trustix | 2006-0038 | | ubuntu | USN-298-1 | | vupen | ADV-2006-2174 | | xf | gdgraphicslibrary-gif-dos(26976) |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2007-03-14 | | organization | Red Hat | | statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
|
| Last major update |
03-10-2018 - 21:43 |
| Published |
08-06-2006 - 16:06 |
| Last modified |
03-10-2018 - 21:43 |
