CVE-2006-2906
EPSS 15.3%libgd2 - insufficient input sanitising
Published: 6/8/2006Modified: 4/28/2026
Description
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
Affected packages (2)
- Debian/libgd2from 0, < 2.0.33-5
- Debian/libgd2from 0, < 2.0.33-1.1sarge1