This security bulletin contains one low risk vulnerability.
CWE-400 - Resource exhaustion
Exploit availability: NoDescription
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the gdImageFillToBorder function in gd.c due to stack consumption. A remote attacker can submit a specially crafted imagefilltoborder call that triggers use of a negative color value and cause the service to crash.
Update the affected package to version: 2.1.0-5+deb8u8, 2.2.2-29-g3c2b605-1, 2.2.2-29-g3c2b605-1Vulnerable software versions
Debian Linux: All versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?