Wednesday, 23 May 2007
PHP 'gdPngReadData()' Truncated PNG Data Denial of Service
Xavier Roche has reported a vulnerability in PHP, which can be exploited by malicious people to cause a Denial of Service (DoS).
The vulnerability is caused by the incorrect use of libpng within the function 'gdPngReadData()' in ext/gd/libgd/gd_png.c of the GD extension when processing truncated data. This can be exploited to cause an infinite loop, for example by tricking an application into processing a specially crafted file.
The vulnerability is reported in versions 4.4.7 and 5.2.2. Other versions may also be affected.
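As a defensive illustration of the truncated-data case described above, the following added example (not code from PHP, libgd or libpng) walks a PNG chunk stream and rejects data that ends before the IEND chunk, so an application can refuse such input before handing it to a decoder. The function name, result codes and sample bytes are this example's own assumptions, and chunk CRCs are not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result codes; the names are this example's own. */
enum png_check { PNG_OK, PNG_BAD_SIGNATURE, PNG_BAD_CHUNK, PNG_TRUNCATED };

static const unsigned char png_sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

/* Constructed sample: signature, IHDR (1x1, 8-bit grey), IEND.
 * CRC fields are zeroed because this check does not verify them. */
const unsigned char sample_png[] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 1, 0, 0, 0, 1, 8, 0, 0, 0, 0,
    0, 0, 0, 0,
    0, 0, 0, 0, 'I', 'E', 'N', 'D', 0, 0, 0, 0
};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the chunk stream: [length][type][data][CRC] repeated until IEND.
 * Every read is bounds-checked and pos only grows, so the loop ends. */
enum png_check png_check_complete(const unsigned char *buf, size_t len)
{
    size_t pos = 8;
    int first = 1;

    if (len < 8 || memcmp(buf, png_sig, 8) != 0)
        return PNG_BAD_SIGNATURE;
    for (;;) {
        if (len - pos < 8)                 /* no room for length + type */
            return PNG_TRUNCATED;
        uint32_t dlen = be32(buf + pos);
        const unsigned char *type = buf + pos + 4;
        pos += 8;
        if (dlen > 0x7fffffffu)            /* above the PNG length limit */
            return PNG_BAD_CHUNK;
        if (first && (memcmp(type, "IHDR", 4) != 0 || dlen != 13))
            return PNG_BAD_CHUNK;
        first = 0;
        if (len - pos < 4 || len - pos - 4 < dlen)  /* data or CRC missing */
            return PNG_TRUNCATED;
        pos += (size_t)dlen + 4;
        if (memcmp(type, "IEND", 4) == 0)
            return PNG_OK;
    }
}
```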