GD is a graphical library often used to create or manipulate images on the fly in websites.
Details about a vulnerability (and exploit) have been released on full disclosure that claim to cause the library to run an infinite loop while decoding crafted images. It's clear that when used this will lead to severely degraded performance of webservers.
No patch available so far, monitor http://www.boutell.com/gd/ if you use it in a vulnerable fashion.
Swa Frantzen - Section 66
Jun 6th 2006
1 decade ago