CVE-2006-2906
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
95.0%
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| thomas_boutell | graphics_draw_library | 2.0.33 | cpe:2.3:a:thomas_boutell:graphics_draw_library:2.0.33:*:*:*:*:*:*:* |
References
secunia.com/advisories/20500
secunia.com/advisories/20571
secunia.com/advisories/20676
secunia.com/advisories/20853
secunia.com/advisories/20866
secunia.com/advisories/20887
secunia.com/advisories/21050
secunia.com/advisories/21186
secunia.com/advisories/23783
securityreason.com/securityalert/1067
www.debian.org/security/2006/dsa-1117
www.mandriva.com/security/advisories?name=MDKSA-2006:112
www.mandriva.com/security/advisories?name=MDKSA-2006:113
www.mandriva.com/security/advisories?name=MDKSA-2006:122
www.novell.com/linux/security/advisories/2006_31_php.html
www.securityfocus.com/archive/1/436132
www.securityfocus.com/bid/18294
www.trustix.org/errata/2006/0038
www.vupen.com/english/advisories/2006/2174
exchange.xforce.ibmcloud.com/vulnerabilities/26976
issues.rpath.com/browse/RPL-939
usn.ubuntu.com/298-1/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
95.0%