OpenCVE

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libgd	Libgd

Configuration 1 [-]

cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.debian.org/security/2017/dsa-3777
http://www.securityfocus.com/bid/96503
https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md
https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558
https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
https://nvd.nist.gov/vuln/detail/CVE-2016-6906
https://www.cve.org/CVERecord?id=CVE-2016-6906

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-03-15T14:00:00

Updated: 2024-08-06T01:43:38.552Z

Reserved: 2016-08-22T00:00:00

Link: CVE-2016-6906

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-03-15T14:59:00.430

Modified: 2024-11-21T02:57:04.300

Link: CVE-2016-6906

Redhat

Severity : Moderate

Publid Date: 2016-08-16T00:00:00Z

Links: CVE-2016-6906 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558"}, {"name": "DSA-3777", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3777"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415"}, {"name": "96503", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96503"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6906", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"}, {"name": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558"}, {"name": "DSA-3777", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3777"}, {"name": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415"}, {"name": "96503", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96503"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:43:38.552Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558"}, {"name": "DSA-3777", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3777"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415"}, {"name": "96503", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96503"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6906", "datePublished": "2017-03-15T14:00:00", "dateReserved": "2016-08-22T00:00:00", "dateUpdated": "2024-08-06T01:43:38.552Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*", "matchCriteriaId": "E040BCCE-C098-492F-990F-D0196B519B10", "versionEndIncluding": "2.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer."}, {"lang": "es", "value": "La funci\u00f3n read_image_tga en gd_tga.c en la GD Graphics Library (tambi\u00e9n conocido como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo TGA manipulado, relacionado con el b\u00fafer de descompresi\u00f3n."}], "id": "CVE-2016-6906", "lastModified": "2024-11-21T02:57:04.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-15T14:59:00.430", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3777"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96503"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3777"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96503"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "gd: Out-of-bounds read in read_image_tga function", "id": "1435313", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435313"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer."], "name": "CVE-2016-6906", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libwmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-php56-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-php70-php", "product_name": "Red Hat Software Collections"}], "public_date": "2016-08-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6906\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6906"], "threat_severity": "Moderate", "upstream_fix": "gd 2.2.4"}