CVE-2006-2906 : The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell g

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.

Published 2006-06-08 16:06:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2006-2906

Thomas Boutell » Graphics Draw Library » Version: 2.0.33
cpe:2.3:a:thomas_boutell:graphics_draw_library:2.0.33:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-2906

EPSS FAQ

11.97%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-2906

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.4	MEDIUM	AV:N/AC:H/Au:N/C:N/I:N/A:C	4.9	6.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

Vendor statements for CVE-2006-2906

Red Hat 2007-03-14

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References for CVE-2006-2906

http://www.vupen.com/english/advisories/2006/2174

Site en construction
http://www.mandriva.com/security/advisories?name=MDKSA-2006:113

Mandriva

CVEs referencing this url
http://secunia.com/advisories/21050

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/20676

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/20887

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/21186

About Secunia Research | Flexera
http://www.debian.org/security/2006/dsa-1117

Debian -- The Universal Operating System
http://www.mandriva.com/security/advisories?name=MDKSA-2006:112

Mandriva
http://securityreason.com/securityalert/1067

libgd 2.0.33 infinite loop in GIF decoding - CXSecurity.com
http://www.securityfocus.com/bid/18294

Exploit
http://secunia.com/advisories/20866

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/23783

About Secunia Research | Flexera

CVEs referencing this url
https://usn.ubuntu.com/298-1/

404: Page not found | Ubuntu
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122

Mandriva

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/26976

GD Graphics Library gdImageCreateFromGifPtr() GIF file denial of service CVE-2006-2906 Vulnerability Report
https://issues.rpath.com/browse/RPL-939

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2006_31_php.html

404 Page Not Found | SUSE

CVEs referencing this url
http://www.trustix.org/errata/2006/0038

Trustix | Empowering Trust and Security in the Digital Age

CVEs referencing this url
http://secunia.com/advisories/20571

About Secunia Research | Flexera
http://secunia.com/advisories/20853

About Secunia Research | Flexera
http://secunia.com/advisories/20500

About Secunia Research | Flexera
Vendor Advisory
http://www.securityfocus.com/archive/1/436132

Exploit

Jump to

Vulnerability Details : CVE-2006-2906

Products affected by CVE-2006-2906

Exploit prediction scoring system (EPSS) score for CVE-2006-2906

CVSS scores for CVE-2006-2906

Vendor statements for CVE-2006-2906

References for CVE-2006-2906