
GD Library Security Issues

Posted: Tue Oct 24, 2006 3:32 am
by lettie
Hi

I have used the GD Library to manipulate images on the server in a test environment. But as I understand it there were security issues with the GD Library itself and a lot of shared hosting environments do not install it. Can anyone tell me:
1. What the security issues were?
2. Whether they have been fixed?
3. If not, what is out there as an alternative to manipulate images and create thumbs on the fly?

Many Thanks

Posted: Wed Nov 01, 2006 3:01 am
by onion2k
I've not heard of any security issues with GD. It's just a library for generating graphic data, I don't really see how someone could use it to compromise a server. I suppose someone could spam a dynamic image with requests, that could be classed as a DoS attack, but they could do that with any script.

A lot of shared hosts don't have it installed because graphic generation is memory and CPU intensive, so it can make other users annoyed if someone is using it a lot.

Anything that does graphics stuff on-the-fly will suffer the same issues as GD. But if you really want to use something else you should look at either ImageMagick or NetPBM.