The readimagetga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"263338616471124220503043253082437292904",
"31000100657142559304979551962267908643",
"183804931480520940787143071533336557063",
"242900354783927881132320031000585444472",
"137576676101298210998585372321847849839",
"229260443438122527870740329493642306007",
"14336425063350563475893674927401561796",
"170275526587140690810667574411797550226",
"243326598763063495698113086608308225748",
"218421369725904409339189520753653110577",
"294969011813775192170813686771974570232",
"160404730317204032626266116646092874034",
"269838563000061620325829859461030474698",
"284493872219512788957055064059739972542",
"71144925059152600392708027950444535143",
"144189907098002330028681126227675878716",
"17448355068713968007013570008885764610",
"15881539661546982613586794208154286622",
"298383346940574426894356307041301056546",
"224983335206663834060894548683091508842",
"154398766447558974567395503910612333357",
"96252021667969076384995295891192479774",
"54519818484878553276522718568291377044",
"85785600637868727890616453391076703592",
"243326598763063495698113086608308225748",
"218421369725904409339189520753653110577",
"294969011813775192170813686771974570232",
"160404730317204032626266116646092874034",
"269838563000061620325829859461030474698",
"284493872219512788957055064059739972542",
"71144925059152600392708027950444535143",
"144189907098002330028681126227675878716",
"152877145846678278752206901764412020079",
"268154877812631065202409925863302675645",
"188849533591271881583276972169876036475",
"241634334627581351892286265088852170362",
"108587633537507210242609878158511307392",
"317020317628908665409671761851493114880"
]
},
"target": {
"file": "src/gd_tga.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03",
"id": "CVE-2016-6905-9e671305"
},
{
"digest": {
"length": 2116.0,
"function_hash": "318558471273598071253749944011275991116"
},
"target": {
"function": "read_image_tga",
"file": "src/gd_tga.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186",
"id": "CVE-2016-6905-a02528cb"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"35425011894096212034497675172420309773",
"137576676101298210998585372321847849839",
"229260443438122527870740329493642306007",
"28263119248774846812552438829400142818",
"262929829821917167811831011805076192958",
"206991234581768884905216919559318061037",
"144189907098002330028681126227675878716",
"17448355068713968007013570008885764610",
"24108349718832749568963134875678576322",
"26753026693652278219589919450218726435",
"180686312022484326960970275757886384624",
"206991234581768884905216919559318061037",
"144189907098002330028681126227675878716",
"152877145846678278752206901764412020079",
"268154877812631065202409925863302675645",
"188849533591271881583276972169876036475",
"241634334627581351892286265088852170362"
]
},
"target": {
"file": "src/gd_tga.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186",
"id": "CVE-2016-6905-cd268584"
}
]