PHP GD Graphics Library integer overflow


eddie5659 (Moderator), 27-Oct-2004, 07:49 AM, #1
Hiya



An ANSI C library for the dynamic creation of images. GD creates PNG, JPEG and GIF images, among other formats. It is the library used by PHP to manipulate images.

There is an integer overflow when allocating memory in the routine that handles loading PNG image files. This later leads to heap data structures being overwritten. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Many programs use GD, such as ImageMagick, and more importantly it is also the image library used for PHP, and there is a Perl module as well. One possible target would be PHP-driven photo websites that let users upload images. Some of them will resize/compress the image when the user uploads it. If this is done using GD, this could be used to execute code on the server. There is a mitigating factor: in order to reach the vulnerable code, a large amount of memory needs to be allocated.


The vulnerable code occurs in the file gd_png.c, in the function gdImageCreateFromPngCtx(), which is called by gdImageCreateFromPng().



This is in the latest version of PHP, and has been reported to the programmer, who is looking at updating.




*As I'm on a mailing list for Bugtraq, this is one of the emails*

Regards

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Last edited by eddie5659 : 05-Nov-2004 05:47 AM.
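
The class of bug the advisory describes, an allocation size computed from image-header dimensions that wraps, shown beside an overflow-checked form. This is an added example, not code from GD or from the post; the function names, the `rowbytes * height` expression, and the 32-bit size arithmetic are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked 32-bit size computation: the product wraps modulo 2^32,
 * so the result can be far smaller than the data the image needs. */
static uint32_t unchecked_size(uint32_t rowbytes, uint32_t height)
{
    return (uint32_t)(rowbytes * height);
}

/* Checked form: returns 0 and sets *out on success, -1 if the
 * product does not fit in 32 bits. */
static int checked_size(uint32_t rowbytes, uint32_t height, uint32_t *out)
{
    if (rowbytes != 0 && height > UINT32_MAX / rowbytes)
        return -1;
    *out = rowbytes * height;
    return 0;
}

/* Hypothetical loader helper: dimensions come from an untrusted header.
 * Refuses empty images and any size that would have wrapped. */
static void *alloc_pixels(uint32_t rowbytes, uint32_t height)
{
    uint32_t n;
    if (rowbytes == 0 || height == 0)
        return NULL;
    if (checked_size(rowbytes, height, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed dimensions: the true size is 2^32 + 65536 bytes. */
    uint32_t rowbytes = 0x10000u, height = 0x10001u, n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(rowbytes, height));
    printf("checked:   %s\n",
           checked_size(rowbytes, height, &n) == 0 ? "ok" : "rejected");
    return 0;
}
```

With the constructed dimensions the unchecked computation yields a 65536-byte request for an image that needs over 4 GiB, which is how later writes end up past the end of the heap buffer; the checked form rejects the header before any allocation.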
eddie5659 (Moderator), 05-Nov-2004, 05:46 AM, #2
Unsticking this now
All times are GMT -4.