View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-6906 low priority: Ubuntu including 3 source packages (libgd2, php5, php7.0), 15 status rows across 5 suites (precise, trusty, upstream, xenial, yakkety): not-affected 5, DNE 4, released 4, needs-triage 2.
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.