CVE-2016-6905
published 2016-10-03CVE-2016-6905: The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds…
PriorityP426medium6.5CVSS 3.0
AVNACLPRNUIRSUCNINAH
EPSS
2.56%
83.1th percentile
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.2.2-29-g3c2b605-1 (bookworm) | libgd2 2.2.2-29-g3c2b605-1 (bookworm) |
| libgd | libgd | <= 2.2.2 | — |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv6.5MEDIUM
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
gd: Out-of-bounds read in function read_image_tga in gd_tga.c
vendor_redhat·2016-07-05·CVSS 6.5
CVE-2016-6905 [MEDIUM] CWE-125 gd: Out-of-bounds read in function read_image_tga in gd_tga.c
gd: Out-of-bounds read in function read_image_tga in gd_tga.c
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
Package: gd (Red Hat Enterprise Linux 5) - Not affected
Package: libwmf (Red Hat Enterprise Linux 5) - Not affected
Package: php53 (Red Hat Enterprise Linux 5) - Not affected
Package: gd (Red Hat Enterprise Linux 6) - Not affected
Package: libwmf (Red Hat Enterprise Linux 6) - Not affected
Package: gd (Red Hat Enterprise Linux 7) - Not affected
Package: libwmf (Red Hat Enterprise Linux 7) - Not affected
Package: gd (Red Hat OpenShift Enterprise 2) - Not affected
Package: php54-php (Red Hat Software Collections) - Not affected
Pack
Debian
CVE-2016-6905: libgd2 - The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) b...
vendor_debian·2016·CVSS 6.5
CVE-2016-6905 [MEDIUM] CVE-2016-6905: libgd2 - The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) b...
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
Scope: local
bookworm: resolved (fixed in 2.2.2-29-g3c2b605-1)
bullseye: resolved (fixed in 2.2.2-29-g3c2b605-1)
forky: resolved (fixed in 2.2.2-29-g3c2b605-1)
sid: resolved (fixed in 2.2.2-29-g3c2b605-1)
trixie: resolved (fixed in 2.2.2-29-g3c2b605-1)
GHSA
GHSA-6hhv-cvx8-rhvf: The read_image_tga function in gd_tga
ghsa_unreviewed·2022-05-14
CVE-2016-6905 [MEDIUM] CWE-125 GHSA-6hhv-cvx8-rhvf: The read_image_tga function in gd_tga
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
OSV
CVE-2016-6905: The read_image_tga function in gd_tga
osv·2016-10-03·CVSS 6.5
CVE-2016-6905 [MEDIUM] CVE-2016-6905: The read_image_tga function in gd_tga
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-6905 gd: Out-of-bounds read in function read_image_tga in gd_tga.c [fedora-all]
bugzilla·2016-07-14·CVSS 6.5
CVE-2016-6905 [MEDIUM] CVE-2016-6905 gd: Out-of-bounds read in function read_image_tga in gd_tga.c [fedora-all]
CVE-2016-6905 gd: Out-of-bounds read in function read_image_tga in gd_tga.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v
Bugzilla
CVE-2016-6905 gd: Out-of-bounds read in function read_image_tga in gd_tga.c
bugzilla·2016-07-14·CVSS 6.5
CVE-2016-6905 [MEDIUM] CVE-2016-6905 gd: Out-of-bounds read in function read_image_tga in gd_tga.c
CVE-2016-6905 gd: Out-of-bounds read in function read_image_tga in gd_tga.c
An out-of-bounds heap read vulnerability was found in latest revision of libgd when parsing specially crafted TGA file.
CVE request:
http://seclists.org/oss-sec/2016/q3/47
Upstream bug report:
https://github.com/libgd/libgd/issues/248
Upstream pull request:
https://github.com/libgd/libgd/pull/251
Discussion:
Created gd tracking bugs for this issue:
Affects: fedora-all [bug 1356486]
---
Closing as NOTABUG due to:
https://bugzilla.redhat.com/show_bug.cgi?id=1352544#c2
---
CVE assignment:
http://seclists.org/oss-sec/2016/q3/363
http://libgd.github.io/release-2.2.3.htmlhttp://lists.opensuse.org/opensuse-updates/2016-08/msg00121.htmlhttp://lists.opensuse.org/opensuse-updates/2016-09/msg00078.htmlhttp://www.openwall.com/lists/oss-security/2016/08/23/1http://www.securityfocus.com/bid/91743https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186https://github.com/libgd/libgd/issues/248https://github.com/libgd/libgd/pull/251http://libgd.github.io/release-2.2.3.htmlhttp://lists.opensuse.org/opensuse-updates/2016-08/msg00121.htmlhttp://lists.opensuse.org/opensuse-updates/2016-09/msg00078.htmlhttp://www.openwall.com/lists/oss-security/2016/08/23/1http://www.securityfocus.com/bid/91743https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186https://github.com/libgd/libgd/issues/248https://github.com/libgd/libgd/pull/251
2016-10-03
Published