
CVE-2006-2906

Published: 08/06/2006 Updated: 03/10/2018
CVSS v2 Base Score: 5.4 | Impact Score: 6.9 | Exploitability Score: 4.9
VMScore: 545
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Summary

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote malicious users to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.

Vulnerable Product

thomas boutell graphics draw library 2.0.33

Vendor Advisories

Debian Bug report logs - #372912 libgd2: CVE-2006-2906: infinite loop via malformed gif; Package: libgd2; Maintainer for libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Alec Berryman <alec@thened.net>; Date: Mon, 12 Jun 2006 13:18:23 UTC; Severity: important; Tags: patch, pending, security; Fixed in versions l ...
Xavier Roche discovered that libgd’s function for reading GIF image data did not sufficiently verify its validity. Specially crafted GIF images could cause an infinite loop which used up all available CPU resources. Since libgd is often used in PHP and Perl web applications, this could lead to a remote Denial of Service vulnerability ...
It was discovered that the GD graphics library performs insufficient checks of the validity of GIF images, which might lead to denial of service by tricking the application into an infinite loop. For the stable distribution (sarge) this problem has been fixed in version 2.0.33-1.1sarge1. For the unstable distribution (sid) this problem has been fix ...

Exploits

source: www.securityfocus.com/bid/18294/info. The GD Graphics Library is prone to a denial-of-service vulnerability. Attackers can trigger an infinite-loop condition when the library tries to handle malformed image files. This issue allows attackers to consume excessive CPU resources on computers that use the affected software. This may den ...