Bug in libgd's gdPngReadData()
Ugh, I'm using it all over the place.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.
I'm worried about KTOK's site, so I upgraded to gd-2.0.35RC4.
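Where an upgrade cannot be rolled out everywhere at once, uploads can be screened for truncation before they reach the decoder. The following is an added example, not code from libgd or from this blog: it walks the PNG chunk list in memory and accepts a file only if every declared chunk fits in the buffer and IEND is reached. The function and enum names are this example's own, CRCs are not verified, and the page does not say which exact truncation triggers the loop, so treating this check as covering CVE-2007-2756 is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the structural pre-check (names are this example's own). */
enum png_check { PNG_OK, PNG_BAD_SIGNATURE, PNG_TRUNCATED, PNG_NO_IHDR_FIRST };

/* Constructed sample: signature, IHDR (1x1, CRC left as zero placeholder), IEND. */
static const unsigned char sample_png[] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 1, 0, 0, 0, 1, 8, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 'I', 'E', 'N', 'D', 0xae, 0x42, 0x60, 0x82 };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Each chunk is: 4-byte length, 4-byte type, data, 4-byte CRC.
 * Returns PNG_OK only if the walk reaches IEND inside the buffer. */
enum png_check png_structure_check(const unsigned char *buf, size_t len)
{
    size_t off = 8;
    int first = 1;

    if (len < 8 || memcmp(buf, "\x89PNG\r\n\x1a\n", 8) != 0)
        return PNG_BAD_SIGNATURE;
    for (;;) {
        uint32_t clen;
        if (len - off < 12)                /* no room for length + type + CRC */
            return PNG_TRUNCATED;
        clen = be32(buf + off);
        if (clen > len - off - 12)         /* declared data runs past the end */
            return PNG_TRUNCATED;
        if (first && memcmp(buf + off + 4, "IHDR", 4) != 0)
            return PNG_NO_IHDR_FIRST;
        first = 0;
        if (memcmp(buf + off + 4, "IEND", 4) == 0)
            return PNG_OK;
        off += 12 + (size_t)clen;          /* cannot pass len: clen was bounded */
    }
}

int main(void)
{
    printf("full: %d, cut at 30 bytes: %d\n",
           (int)png_structure_check(sample_png, sizeof sample_png),
           (int)png_structure_check(sample_png, 30));
    return 0;
}
```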
