Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2906 — Infinite Loop in Boutell Graphics Draw Library

8 documents8 sources

Severity

5.4MEDIUMNVD

EPSS

15.3%

top 5.36%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Libgd2 Thomas Boutell Graphics Draw Library

Timeline

PublishedJun 8

Latest updateMay 1

Description

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages2 packages

▶NVDthomas_boutell/graphics_draw_library2.0.33

▶debiandebian/libgd2< libgd2 2.0.33-5 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-hc5w-hw37-7qxf: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2↗2022-05-01

▶

OSV

CVE-2006-2906: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2↗2006-06-08

▶

💥Exploits & PoCs

Exploit-DB

GD Graphics Library 2.0.33 - Remote Denial of Service↗2006-06-06

▶

📋Vendor Advisories

Ubuntu

libgd2 vulnerability↗2006-06-14

▶

Debian

CVE-2006-2906: libgd2 - The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell g...↗2006

▶

Red Hat

CVE-2006-2906: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2↗

▶

💬Community

Bugzilla

CVE-2006-2906 gd denial of service↗2006-06-08

▶