CVE-2006-2906

2006-06-0816:06:00

Debian Security Bug Tracker

security-tracker.debian.org

5.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

0.109 Low

EPSS

Percentile

95.0%

JSON

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.

OSVersionArchitecturePackageVersionFilename
Debian12alllibgd2< 2.0.33-5libgd2_2.0.33-5_all.deb
Debian11alllibgd2< 2.0.33-5libgd2_2.0.33-5_all.deb
Debian10alllibgd2< 2.0.33-5libgd2_2.0.33-5_all.deb
Debian999alllibgd2< 2.0.33-5libgd2_2.0.33-5_all.deb
Debian13alllibgd2< 2.0.33-5libgd2_2.0.33-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libgd2	< 2.0.33-5	libgd2_2.0.33-5_all.deb
Debian	11	all	libgd2	< 2.0.33-5	libgd2_2.0.33-5_all.deb
Debian	10	all	libgd2	< 2.0.33-5	libgd2_2.0.33-5_all.deb
Debian	999	all	libgd2	< 2.0.33-5	libgd2_2.0.33-5_all.deb
Debian	13	all	libgd2	< 2.0.33-5	libgd2_2.0.33-5_all.deb