Denial of service in Boutell.Com, GD Graphics Library
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-6905 |
| CWE-ID | CWE-126 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
GD Graphics Library Universal components / Libraries / Libraries used by multiple products |
| Vendor | Boutell.Com, Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Denial of service
EUVDB-ID: #VU732
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6905
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause denial of service on the target system.
The weakness exists due to out-of-bounds reading error in function read_image_tga in gd_tga.c. Via impying of specially crafted TGA image attackers can trigger affected service deny.
Successful exploitation of the vulnerability results in denial of service on the target system.
Update to 2.2.3.
GD Graphics Library: 2.1.0 - 2.2.2
External linkshttp://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
