Denial of service in GD Graphics Library - CVE-2016-6905
Published: October 4, 2016 / Updated: October 4, 2016
Vulnerability identifier: #VU732
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6905
CWE-ID: CWE-126
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
GD Graphics Library
Software vendor:
Boutell.Com, Inc.
Description
The vulnerability allows a remote user to cause denial of service on the target system.
The weakness exists due to an out-of-bounds read in the function read_image_tga in gd_tga.c. By supplying a specially crafted TGA image, an attacker can cause a denial of service in the affected service.
Successful exploitation of the vulnerability results in denial of service on the target system.
Remediation
Update to 2.2.3.