GD DoS
GD is a graphical library often used to create or manipulate images on the fly in websites.
Details about a vulnerability (and exploit) have been released on full disclosure that claim to cause the library to run an infinite loop while decoding crafted images. It's clear that when used this will lead to severely degraded performance of webservers.
No patch available so far, monitor http://www.boutell.com/gd/ if you use it in a vulnerable fashion.
Thanks Jim!
--
Swa Frantzen - Section 66
Details about a vulnerability (and exploit) have been released on full disclosure that claim to cause the library to run an infinite loop while decoding crafted images. It's clear that when used this will lead to severely degraded performance of webservers.
No patch available so far, monitor http://www.boutell.com/gd/ if you use it in a vulnerable fashion.
Thanks Jim!
--
Swa Frantzen - Section 66
Keywords:
0 comment(s)
Click HERE to learn more about classes Swa is teaching for SANS
×
![modal content]()
Diary Archives
Comments