CVE-2006-2906

Publication date 8 June 2006

Last updated 24 July 2024

Ubuntu priority

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libgd2	7.04 feisty	Fixed 2.0.34~rc1-2ubuntu1.1
	6.10 edgy	Fixed 2.0.33-4ubuntu2.1
	6.06 LTS dapper	Fixed 2.0.33-2ubuntu5.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-298-1
libgd2 vulnerability
14 June 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-2906