CVE-2006-2906
published 2006-06-08

Priority: P427
CVSS 2.0: 5.4 (medium)
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 10.17% (95.1th percentile)
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
debian | libgd2 | < libgd2 2.0.33-5 (bookworm) | libgd2 2.0.33-5 (bookworm)
thomas_boutell | graphics_draw_library | |

CVSS provenance

nvd: v2.0, 5.4 MEDIUM, AV:N/AC:H/Au:N/C:N/I:N/A:C
osv: 5.4 MEDIUM
vendor_debian: 5.4 LOW
vendor_redhat: 5.4 MEDIUM