CVE-2006-2906 Information

Description

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.

Reference

http://secunia.com/advisories/20500 http://secunia.com/advisories/20571 http://secunia.com/advisories/20676 http://secunia.com/advisories/20853 http://secunia.com/advisories/20866 http://secunia.com/advisories/20887 http://secunia.com/advisories/21050 http://secunia.com/advisories/21186 http://secunia.com/advisories/23783 http://securityreason.com/securityalert/1067 http://www.debian.org/security/2006/dsa-1117 http://www.mandriva.com/security/advisories?name=MDKSA-2006:112 http://www.mandriva.com/security/advisories?name=MDKSA-2006:113 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122 http://www.novell.com/linux/security/advisories/2006_31_php.html http://www.securityfocus.com/archive/1/436132 http://www.securityfocus.com/bid/18294 http://www.trustix.org/errata/2006/0038 http://www.vupen.com/english/advisories/2006/2174 https://exchange.xforce.ibmcloud.com/vulnerabilities/26976 https://issues.rpath.com/browse/RPL-939 https://usn.ubuntu.com/298-1/