Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: GD DoS - Internet Security | DShield SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
GD is a graphical library often used to create or manipulate images on the fly in websites.

Details about a vulnerability (and exploit) have been released on full disclosure that claim to cause the library to run an infinite loop while decoding crafted images. It's clear that when used this will lead to severely degraded performance of webservers.

No patch available so far, monitor if you use it in a vulnerable fashion.

Thanks Jim!

Swa Frantzen - Section 66

760 Posts

Sign Up for Free or Log In to start participating in the conversation!