php

• Author: voroskoi
• Vulnerable: 5.2.2-1terminus1
• Unaffected: 5.2.2-1terminus2

Xavier Roche has reported a vulnerability in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the incorrect use of libpng within the function “gdPngReadData()” in ext/gd/libgd/gd_png.c of the GD extension when processing truncated data. This can be exploited to cause an infinite loop by e.g. tricking an application to process a specially crafted file.

• Bug Tracker URL: http://bugs.frugalware.org/task/2075

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756