The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libgd | Libgd | 2.0.34 (including) | 2.0.34 (including) |
| Red Hat Enterprise Linux 3 | RedHat | php-0:4.3.2-43.ent | * |
| Red Hat Enterprise Linux 4 | RedHat | php-0:4.3.9-3.22.9 | * |
| Red Hat Enterprise Linux 4 | RedHat | gd-0:2.0.28-5.4E.el4_6.1 | * |
| Red Hat Enterprise Linux 5 | RedHat | php-0:5.1.6-15.el5 | * |
| Red Hat Enterprise Linux 5 | RedHat | gd-0:2.0.33-9.4.el5_1.1 | * |
| Red Hat Web Application Stack for RHEL 4 | RedHat | php-0:5.1.6-3.el4s1.8 | * |
| Libgd2 | Ubuntu | dapper | * |
| Libgd2 | Ubuntu | devel | * |
| Libgd2 | Ubuntu | edgy | * |
| Libgd2 | Ubuntu | feisty | * |