PT-2006-7562 · Libgd · Libgd

Rocheml · Published 1970-01-01 · Updated 2018-10-03 · CVE-2006-2906

CVSS v2.0 5.4 Medium

Vector AV:N/AC:H/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

libgd version 2.0.33

Description

The LZW decoding in the gdImageCreateFromGifPtr function allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. Multiple vulnerabilities in the libgd package may lead to disruption of protected information and can be exploited remotely.

Recommendations

For libgd version 2.0.33, consider updating to a newer version that fixes the LZW decoding issue in the gdImageCreateFromGifPtr function, to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

BDU:2015-03085
BDU:2015-03086
CVE-2006-2906
DSA-1117

Affected Products

Libgd