gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
{ "vanir_signatures": [ { "id": "CVE-2016-6214-1277a250", "digest": { "length": 1332.0, "function_hash": "55900490187423335330061296559373662146" }, "target": { "function": "gdImageCreateFromTgaCtx", "file": "src/gd_tga.c" }, "signature_version": "v1", "source": "https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7", "deprecated": false, "signature_type": "Function" }, { "id": "CVE-2016-6214-4f495b72", "digest": { "length": 1493.0, "function_hash": "37064346827640731547326727603637989507" }, "target": { "function": "read_header_tga", "file": "src/gd_tga.c" }, "signature_version": "v1", "source": "https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7", "deprecated": false, "signature_type": "Function" }, { "id": "CVE-2016-6214-887f3a9b", "digest": { "line_hashes": [ "260666195903274125141485926370821504385", "313574199412802646470636348552250275738", "128373506977164072793474050797181921731", "286162231239254963014910501664243199713", "274997624418073002567592884343268777666", "335424365619064663184464761993890110401", "74461475998663967309038838447206131192", "318633837655575569043704940444817072410", "89214482570473447586551989623381005071", "235881890338064293325088245582286174889", "117614744725804787332167252931684301078", "88810359274775174604650321526908194619", "96730783909642883164274645651287601940", "325558587484593738894404098801093233528", "74256367332740332339142324129698002304", "308875761997315018365033601396781395649", "197387456224307533672784995922925912039" ], "threshold": 0.9 }, "target": { "file": "src/gd_tga.c" }, "signature_version": "v1", "source": "https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7", "deprecated": false, "signature_type": "Line" } ] }