News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Secunia.com:
PHP "gdPngReadData()" Truncated PNG Data Denial of Service
May 22, 2007 @ 11:09:00

Secunia has posted this new advisory today about an issue with the GD graphics library functionality in PHP that could be used to cause a Denial of Service via a truncated PNG image.

The vulnerability is caused due to the incorrect use of libpng within the function "gdPngReadData()" in ext/gd/libgd/gd_png.c of the GD extension when processing truncated data. This can be exploited to cause an infinite loop by e.g. tricking an application to process a specially crafted file. (reported by Xavier Roche)

This issue has been confirmed in PHP versions 4.4.7 and 5.2.2 but may affect others. The issue has already been corrected, however, and can be fetched from the PHP CVS system to protect your system.

0 comments voice your opinion now!
gd image png truncate denialofservice secunia gdpngreaddata gd image png truncate denialofservice secunia gdpngreaddata


blog comments powered by Disqus

Similar Posts

DevShed: Drawing Basic Rectangles in PDF Documents with PHP 5

Pierre\'s Blog: What\'s new in GD, 5.1.x

Secunia.com: rPath update for gd, php, php-mysql, and php-pgsql

Maurice Svay's Blog: Face detection in pure PHP (without OpenCV)

Michael Maclean's Blog: Using Pango for PHP: a taster


Community Events

Don't see your event here?
Let us know!


unittest framework language threedevsandamaybe introduction library community laravel podcast version extension security series laravel5 release opinion interview voicesoftheelephpant api symfony

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework