CVE-2006-2906
First published: Thu Jun 08 2006(Updated: )
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GD Graphics Library | =2.0.33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/436132
- http://www.securityfocus.com/bid/18294
- http://secunia.com/advisories/20500
- http://secunia.com/advisories/20571
- http://secunia.com/advisories/20853
- http://secunia.com/advisories/20866
- http://www.novell.com/linux/security/advisories/2006_31_php.html
- http://www.trustix.org/errata/2006/0038
- http://secunia.com/advisories/20887
- http://secunia.com/advisories/21050
- http://www.debian.org/security/2006/dsa-1117
- http://secunia.com/advisories/21186
- https://issues.rpath.com/browse/RPL-939
- http://secunia.com/advisories/23783
- http://secunia.com/advisories/20676
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:112
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:113
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
- http://securityreason.com/securityalert/1067
- http://www.vupen.com/english/advisories/2006/2174
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26976
- https://usn.ubuntu.com/298-1/
Frequently Asked Questions
What is the severity of CVE-2006-2906?
CVE-2006-2906 is classified as a moderate severity vulnerability due to its potential for causing denial of service.
How do I fix CVE-2006-2906?
To fix CVE-2006-2906, upgrade to a patched version of the GD library that addresses this vulnerability.
What type of attack does CVE-2006-2906 enable?
CVE-2006-2906 enables denial of service attacks by causing excessive CPU consumption through malformed GIF data.
Which versions of the GD library are affected by CVE-2006-2906?
The vulnerability affects version 2.0.33 of the GD library specifically.
Is CVE-2006-2906 easy to exploit?
Yes, CVE-2006-2906 can be easily exploited by sending specially crafted GIF files to the affected software.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/thomas boutell
- product/graphics draw library
- canonical/thomas boutell graphics draw library
- canonical/gd graphics library
- version/gd graphics library/2.0.33