Published: 15/03/2017 Updated: 04/11/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) prior to 2.2.4 allows remote malicious users to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libgd libgd

The GD library could be made to crash or run programs if it processed a specially crafted image file ...

Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed For the stable distribution (jessie), these problems have been fixed in version 210-5+deb8u9 For the testing ...

The read_image_tga function in gd_tgac in the GD Graphics Library (aka libgd) before 224 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer ...

CWE-125 https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415 https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558 https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md http://www.securityfocus.com/bid/96503 http://www.debian.org/security/2017/dsa-3777 https://usn.ubuntu.com/3213-1/https://nvd.nist.gov

CVE-2016-6906

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect