CVE-2016-6905 - OpenCVE

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libgd	Libgd
Opensuse	Leap Opensuse

Configuration 1 [-]

cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

No data.

References

Link	Providers
http://libgd.github.io/release-2.2.3.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html
http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html
http://www.openwall.com/lists/oss-security/2016/08/23/1
http://www.securityfocus.com/bid/91743
https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03
https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186
https://github.com/libgd/libgd/issues/248
https://github.com/libgd/libgd/pull/251
https://nvd.nist.gov/vuln/detail/CVE-2016-6905
https://www.cve.org/CVERecord?id=CVE-2016-6905

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-10-03T21:00:00

Updated: 2024-08-06T01:43:38.469Z

Reserved: 2016-08-22T00:00:00

Link: CVE-2016-6905

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-10-03T21:59:05.957

Modified: 2018-10-30T16:27:35.843

Link: CVE-2016-6905

Redhat

Severity : Low

Publid Date: 2016-07-05T00:00:00Z

Links: CVE-2016-6905 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-15T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2016:2363", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"name": "91743", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91743"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://libgd.github.io/release-2.2.3.html"}, {"name": "openSUSE-SU-2016:2203", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/issues/248"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/pull/251"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03"}, {"name": "[oss-security] 20160822 Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/08/23/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6905", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2016:2363", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"name": "91743", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91743"}, {"name": "http://libgd.github.io/release-2.2.3.html", "refsource": "CONFIRM", "url": "http://libgd.github.io/release-2.2.3.html"}, {"name": "openSUSE-SU-2016:2203", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html"}, {"name": "https://github.com/libgd/libgd/issues/248", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/issues/248"}, {"name": "https://github.com/libgd/libgd/pull/251", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/pull/251"}, {"name": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186"}, {"name": "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03"}, {"name": "[oss-security] 20160822 Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/08/23/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:43:38.469Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2016:2363", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"name": "91743", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91743"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://libgd.github.io/release-2.2.3.html"}, {"name": "openSUSE-SU-2016:2203", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/issues/248"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/pull/251"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03"}, {"name": "[oss-security] 20160822 Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/08/23/1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6905", "datePublished": "2016-10-03T21:00:00", "dateReserved": "2016-08-22T00:00:00", "dateUpdated": "2024-08-06T01:43:38.469Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*", "matchCriteriaId": "CABE614C-FFD3-4B02-B5DF-658185F8D874", "versionEndIncluding": "2.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image."}, {"lang": "es", "value": "La funci\u00f3n read_image_tga en gd_tga.c en el GD Graphics Library (tambi\u00e9n conocido como libgd) en versiones anteriores a 2.2.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de fuera de l\u00edmites) a trav\u00e9s de una imagen TGA manipulada."}], "id": "CVE-2016-6905", "lastModified": "2018-10-30T16:27:35.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-03T21:59:05.957", "references": [{"source": "cve@mitre.org", "url": "http://libgd.github.io/release-2.2.3.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/08/23/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91743"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libgd/libgd/issues/248"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libgd/libgd/pull/251"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "gd: Out-of-bounds read in function read_image_tga in gd_tga.c", "id": "1356485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356485"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "draft"}, "cvss3": {"cvss3_base_score": "4.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-125", "details": ["The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image."], "name": "CVE-2016-6905", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "php54-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "php55-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-php56-php", "product_name": "Red Hat Software Collections"}], "public_date": "2016-07-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6905\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6905"], "threat_severity": "Low"}