CVE-2006-2906
published 2006-06-08CVE-2006-2906: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a…
PriorityP427medium5.4CVSS 2.0
AVNACHAuNCNINAC
EXPLOIT
EPSS
10.17%
95.1th percentile
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.0.33-5 (bookworm) | libgd2 2.0.33-5 (bookworm) |
| thomas_boutell | graphics_draw_library | — | — |
CVSS provenance
nvdv2.05.4MEDIUMAV:N/AC:H/Au:N/C:N/I:N/A:C
osv5.4MEDIUM
vendor_debian5.4LOW
vendor_redhat5.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hc5w-hw37-7qxf: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2
ghsa_unreviewed·2022-05-01
CVE-2006-2906 [MEDIUM] GHSA-hc5w-hw37-7qxf: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
OSV
CVE-2006-2906: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2
osv·2006-06-08·CVSS 5.4
CVE-2006-2906 [MEDIUM] CVE-2006-2906: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
Ubuntu
libgd2 vulnerability
vendor_ubuntu·2006-06-14
CVE-2006-2906 libgd2 vulnerability
Title: libgd2 vulnerability
Summary: libgd2 vulnerability
Xavier Roche discovered that libgd's function for reading GIF image
data did not sufficiently verify its validity. Specially crafted GIF
images could cause an infinite loop which used up all available CPU
resources. Since libgd is often used in PHP and Perl web applications,
this could lead to a remote Denial of Service vulnerability.
Instructions: After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Debian
CVE-2006-2906: libgd2 - The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell g...
vendor_debian·2006·CVSS 5.4
CVE-2006-2906 [MEDIUM] CVE-2006-2906: libgd2 - The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell g...
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
Scope: local
bookworm: resolved (fixed in 2.0.33-5)
bullseye: resolved (fixed in 2.0.33-5)
forky: resolved (fixed in 2.0.33-5)
sid: resolved (fixed in 2.0.33-5)
trixie: resolved (fixed in 2.0.33-5)
Red Hat
CVE-2006-2906: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2
vendor_redhat·CVSS 5.4
CVE-2006-2906 [MEDIUM] CVE-2006-2906: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Suricata
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6542 [HIGH] ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UPDATE
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UPDATE"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6542; reference:url,www.milw0rm.com/exploits/2906; classtype:web-application-attack; sid:2006332; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, m
Suricata
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6542 [HIGH] ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id INSERT
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id INSERT"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6542; reference:url,www.milw0rm.com/exploits/2906; classtype:web-application-attack; sid:2006329; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6542 [HIGH] ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id SELECT
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id SELECT"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6542; reference:url,www.milw0rm.com/exploits/2906; classtype:web-application-attack; sid:2006327; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6542 [HIGH] ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UNION SELECT
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UNION SELECT"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6542; reference:url,www.milw0rm.com/exploits/2906; classtype:web-application-attack; sid:2006328; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniq
Suricata
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6542 [HIGH] ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id DELETE
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id DELETE"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6542; reference:url,www.milw0rm.com/exploits/2906; classtype:web-application-attack; sid:2006330; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6542 [HIGH] ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id ASCII
ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id ASCII"; flow:established,to_server; http.uri; content:"/news.php?"; nocase; content:"id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6542; reference:url,www.milw0rm.com/exploits/2906; classtype:web-application-attack; sid:2006331; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
http://secunia.com/advisories/20500http://secunia.com/advisories/20571http://secunia.com/advisories/20676http://secunia.com/advisories/20853http://secunia.com/advisories/20866http://secunia.com/advisories/20887http://secunia.com/advisories/21050http://secunia.com/advisories/21186http://secunia.com/advisories/23783http://securityreason.com/securityalert/1067http://www.debian.org/security/2006/dsa-1117http://www.mandriva.com/security/advisories?name=MDKSA-2006:112http://www.mandriva.com/security/advisories?name=MDKSA-2006:113http://www.mandriva.com/security/advisories?name=MDKSA-2006:122http://www.novell.com/linux/security/advisories/2006_31_php.htmlhttp://www.securityfocus.com/archive/1/436132http://www.securityfocus.com/bid/18294http://www.trustix.org/errata/2006/0038http://www.vupen.com/english/advisories/2006/2174https://exchange.xforce.ibmcloud.com/vulnerabilities/26976https://issues.rpath.com/browse/RPL-939https://usn.ubuntu.com/298-1/http://secunia.com/advisories/20500http://secunia.com/advisories/20571http://secunia.com/advisories/20676http://secunia.com/advisories/20853http://secunia.com/advisories/20866http://secunia.com/advisories/20887http://secunia.com/advisories/21050http://secunia.com/advisories/21186http://secunia.com/advisories/23783http://securityreason.com/securityalert/1067http://www.debian.org/security/2006/dsa-1117http://www.mandriva.com/security/advisories?name=MDKSA-2006:112http://www.mandriva.com/security/advisories?name=MDKSA-2006:113http://www.mandriva.com/security/advisories?name=MDKSA-2006:122http://www.novell.com/linux/security/advisories/2006_31_php.htmlhttp://www.securityfocus.com/archive/1/436132http://www.securityfocus.com/bid/18294http://www.trustix.org/errata/2006/0038http://www.vupen.com/english/advisories/2006/2174https://exchange.xforce.ibmcloud.com/vulnerabilities/26976https://issues.rpath.com/browse/RPL-939https://usn.ubuntu.com/298-1/
2006-06-08
Published