First published: Sat Nov 25 2017
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
Credit: cve@mitre.org
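The class of bug described above, as an added illustration (not libgd or PHP source): a simplified C model in which a block reader's signed error return is stored in an unsigned variable, so the end-of-data test never fires and the caller keeps looping. The names `read_block`, `drain_unsigned` and `drain_signed` and the sample bytes are hypothetical and constructed for this example; the iteration guard exists only so the demo terminates.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed input: one 2-byte sub-block, then the data is cut off
 * before the zero-length terminator block. */
static const unsigned char SAMPLE[] = { 0x02, 0xAA, 0xBB };
struct src { const unsigned char *p; size_t len, pos; };
#define MAX_ITER 1000 /* guard so the demo itself cannot hang */

/* Hypothetical reader: payload length, 0 for terminator, -1 on early EOF. */
static int read_block(struct src *s, unsigned char *out) {
    if (s->pos >= s->len) return -1;
    size_t n = s->p[s->pos++];
    if (s->pos + n > s->len) return -1;
    for (size_t i = 0; i < n; i++) out[i] = s->p[s->pos++];
    return (int)n;
}

/* Flawed: the int result is narrowed to unsigned char, so -1 becomes 255
 * and the "<= 0" end-of-data test never fires on a read error. */
static int drain_unsigned(struct src *s) {
    unsigned char buf[255], count;
    for (int iters = 1; iters <= MAX_ITER; iters++)
        if ((count = read_block(s, buf)) <= 0) return iters;
    return -1; /* still looping when the guard tripped */
}

/* Corrected: a signed int keeps -1 visible as an error. */
static int drain_signed(struct src *s) {
    unsigned char buf[255];
    int count;
    for (int iters = 1; iters <= MAX_ITER; iters++)
        if ((count = read_block(s, buf)) <= 0) return iters;
    return -1;
}

int main(void) {
    struct src a = { SAMPLE, sizeof SAMPLE, 0 }, b = a;
    printf("unsigned count: %d\n", drain_unsigned(&a));
    printf("signed count:   %d\n", drain_signed(&b));
    return 0;
}
```

Compiling with `-Wconversion` flags the narrowing assignment in `drain_unsigned`, which is a cheap way to find this pattern in parser code during review.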
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-php70-php | <0:7.0.27-1.el6 | 0:7.0.27-1.el6 |
redhat/rh-php70-php | <0:7.0.27-1.el7 | 0:7.0.27-1.el7 |
redhat/rh-php71-php | <0:7.1.30-1.el7 | 0:7.1.30-1.el7 |
PHP PHP | <=5.6.32 | |
PHP PHP | >=7.0.0 <=7.0.26 | |
PHP PHP | >7.1.0 <=7.1.12 | |
PHP PHP | =7.2.0 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
PHP PHP | <7.0.27 | 7.0.27 |
redhat/php | <5.6.33 | 5.6.33 |
redhat/php | <7.0.27 | 7.0.27 |
redhat/php | <7.1.13 | 7.1.13 |
redhat/php | <7.2.1 | 7.2.1 |
ubuntu/libgd2 | <2.2.5-4ubuntu0.2 | 2.2.5-4ubuntu0.2 |
ubuntu/libgd2 | <2.2.5-4ubuntu1 | 2.2.5-4ubuntu1 |
ubuntu/libgd2 | <2.1.0-3ubuntu0.10 | 2.1.0-3ubuntu0.10 |
ubuntu/libgd2 | <2.1.1-4ubuntu0.16.04.10 | 2.1.1-4ubuntu0.16.04.10 |
debian/libgd2 | 2.3.0-2 2.3.3-9 2.3.3-12 |
CVE-2018-5711 is a fixed bug in the GD Graphics Library (libgd) that can cause an infinite loop via a crafted GIF file.
CVE-2018-5711 affects PHP versions before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1.
The severity of CVE-2018-5711 is medium with a CVSS score of 5.5.
To fix CVE-2018-5711, update your PHP installation to version 5.6.33, 7.0.27, 7.1.13, or 7.2.1.
You can find more information about CVE-2018-5711 on the PHP official website and the PHP bug tracker.