In association with heise online

08 February 2007, 23:07

libgd graphics library remedies security holes [Update]

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Among other things the just released version 2.0.34 of the libgd graphics library takes care of a number of vulnerabilities. The developers urgently advise users to update. libgd is used on many Web servers to process images via PHP, for instance.

The release notes do not indicate whether a flaw recently make public by a Ubuntu developer in the font handling in gdImageStringFTEx() has also been remedied. A buffer overflow caused by this would at the very least cause a system to crash and possibly allow external code to be executed -- but this has not been proven.

Apparently the font handling bug (CVE-2007-0455) has also been fixed in this release, as can be seen in the News file. (Thanks to Pierre who wrote in to tell us about this.)

Also see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit