The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.
{ "vanir_signatures": [ { "id": "CVE-2016-6906-0b835fb5", "digest": { "length": 220.0, "function_hash": "221817007481984082490393720365388509004" }, "signature_version": "v1", "target": { "function": "main", "file": "tests/tga/heap_overflow.c" }, "source": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558", "deprecated": false, "signature_type": "Function" }, { "id": "CVE-2016-6906-76c44a20", "digest": { "length": 2331.0, "function_hash": "133981411166655686167643228086936406098" }, "signature_version": "v1", "target": { "function": "read_image_tga", "file": "src/gd_tga.c" }, "source": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558", "deprecated": false, "signature_type": "Function" }, { "id": "CVE-2016-6906-9ef5b5fe", "digest": { "length": 2283.0, "function_hash": "313491885300404418528983452416330495039" }, "signature_version": "v1", "target": { "function": "read_image_tga", "file": "src/gd_tga.c" }, "source": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415", "deprecated": false, "signature_type": "Function" }, { "id": "CVE-2016-6906-df183342", "digest": { "line_hashes": [ "283165936932129907493891340807525991341", "141464916060364538192549316599818685788", "15568252723028703085783273377507004347", "106630161317693510202359332075049135781", "137639860745247822653172809542557393346", "222374484034007733712976557154961854199", "15568252723028703085783273377507004347", "106630161317693510202359332075049135781" ], "threshold": 0.9 }, "signature_version": "v1", "target": { "file": "src/gd_tga.c" }, "source": "https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415", "deprecated": false, "signature_type": "Line" }, { "id": "CVE-2016-6906-ed7b10c3", "digest": { "line_hashes": [ "339993450655758998564000225943823757159", "294578505867114113232475943856842708730", "170395616663835690782956344718055832151", "125099226315693739285394566592616668745", 
"187223120924874136872064095421416161828", "148005316287524098709957431141630263734", "30456874251192479206787347446031324940", "252880705598875197840379334621464035791", "327019048645712195373940770854539893433", "40620611068071822890417320439313637708", "301056067650554684687514126015140160957", "252517539939949910038334538245246653033", "42518736046209688167213337232283517077" ], "threshold": 0.9 }, "signature_version": "v1", "target": { "file": "tests/tga/heap_overflow.c" }, "source": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558", "deprecated": false, "signature_type": "Line" }, { "id": "CVE-2016-6906-fb95f378", "digest": { "line_hashes": [ "35425011894096212034497675172420309773", "303576572222494818749589041243700943734", "81991918101388436228664879216765274948" ], "threshold": 0.9 }, "signature_version": "v1", "target": { "file": "src/gd_tga.c" }, "source": "https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558", "deprecated": false, "signature_type": "Line" } ] }