GD DoS

Published: 2006-06-06
Last Updated: 2006-06-06 20:45:08 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
GD is a graphical library often used to create or manipulate images on the fly in websites.

Details about a vulnerability (and exploit) have been released on full disclosure that claim to cause the library to run an infinite loop while decoding crafted images. It's clear that when used this will lead to severely degraded performance of webservers.

No patch available so far, monitor http://www.boutell.com/gd/ if you use it in a vulnerable fashion.

Thanks Jim!

--
Swa Frantzen - Section 66
Keywords:
0 comment(s)
Diary Archives