Search for vulnerabilities
Vulnerability details: VCID-s49p-vkmx-aaag
Vulnerability ID VCID-s49p-vkmx-aaag
Aliases CVE-2006-2906
Summary The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
Status Published
Exploitability 2.0
Weighted Severity 4.9
Risk 9.8
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.06074 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.06074 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.06074 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.09626 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.11966 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.12249 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
epss 0.13432 https://api.first.org/data/v1/epss?cve=CVE-2006-2906
cvssv2 5.4 https://nvd.nist.gov/vuln/detail/CVE-2006-2906
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2906.json
https://api.first.org/data/v1/epss?cve=CVE-2006-2906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906
http://secunia.com/advisories/20500
http://secunia.com/advisories/20571
http://secunia.com/advisories/20676
http://secunia.com/advisories/20853
http://secunia.com/advisories/20866
http://secunia.com/advisories/20887
http://secunia.com/advisories/21050
http://secunia.com/advisories/21186
http://secunia.com/advisories/23783
http://securityreason.com/securityalert/1067
https://exchange.xforce.ibmcloud.com/vulnerabilities/26976
https://issues.rpath.com/browse/RPL-939
https://usn.ubuntu.com/298-1/
http://www.debian.org/security/2006/dsa-1117
http://www.mandriva.com/security/advisories?name=MDKSA-2006:112
http://www.mandriva.com/security/advisories?name=MDKSA-2006:113
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://www.novell.com/linux/security/advisories/2006_31_php.html
http://www.securityfocus.com/archive/1/436132
http://www.securityfocus.com/bid/18294
http://www.trustix.org/errata/2006/0038
http://www.vupen.com/english/advisories/2006/2174
372912 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=372912
cpe:2.3:a:thomas_boutell:graphics_draw_library:2.0.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:thomas_boutell:graphics_draw_library:2.0.33:*:*:*:*:*:*:*
CVE-2006-2906 https://nvd.nist.gov/vuln/detail/CVE-2006-2906
CVE-2006-2906;OSVDB-26260 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/27981.c
CVE-2006-2906;OSVDB-26260 Exploit https://www.securityfocus.com/bid/18294/info
Data source Exploit-DB
Date added June 6, 2006
Description GD Graphics Library 2.0.33 - Remote Denial of Service
Ransomware campaign use Known
Source publication date June 6, 2006
Exploit type dos
Platform linux
Source update date Aug. 31, 2013
Source URL https://www.securityfocus.com/bid/18294/info
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2006-2906
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.93437
EPSS Score 0.06074
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.