Vulnerability identifier: #VU732
Vulnerability risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-126
Exploitation vector: Network
Exploit availability: No
Vulnerable software: GD Graphics Library (Universal components / Libraries / Libraries used by multiple products)
Vendor: Boutell.Com, Inc.
Description
The vulnerability allows a remote user to cause a denial of service on the target system.
The weakness exists due to an out-of-bounds read error in the function read_image_tga in gd_tga.c. Using a specially crafted TGA image, attackers can trigger a denial of service in the affected service.
Successful exploitation of the vulnerability results in denial of service on the target system.
Mitigation
Update to 2.2.3.
Vulnerable software versions
GD Graphics Library: 2.1.0 alpha1 - 2.2.2
External links
https://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.