CVE-2018-5711

Published: 16/01/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 387
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP prior to 5.6.33, 7.0.x prior to 7.0.27, 7.1.x prior to 7.1.13, and 7.2.x prior to 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

Vulnerable Product

php php 7.2.0

php php

debian debian linux 8.0

debian debian linux 7.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

Vendor Advisories

Several security issues were fixed in GD ...
Synopsis: Moderate: rh-php70-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php70-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Synopsis: Moderate: rh-php71-php security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Debian Bug report logs - #906886 libgd2: CVE-2018-1000222: double-free vulnerability in gdImageBmpPtr function. Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 21 Aug 2018 20:03:02 UTC; Severity: important; Tags: fix ...
Debian Bug report logs - #887485 libgd2: CVE-2018-5711 Infinite loop via crafted gif file. Package: libgd2; Maintainer for libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Guido Günther <agx@sigxcpu.org>; Date: Wed, 17 Jan 2018 08:54:01 UTC; Severity: important; Tags: fixed-upstream, patch, security, upstre ...
ALAS-2018-946: Amazon Linux 2 Security Advisory: ALAS-2018-946. Advisory Release Date: 2018-02-07 17:29 Pacific. Advisory Updated Date: 2018-02-07 18:33 Pacifi ...
Reflected XSS in phar 404 page: An issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a phar file (CVE-2018-5712). Denial of Service (DoS) via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c: The gd_gif_in.c file in the GD Graphics Library (aka libgd), as us ...
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCo ...
gd_gif_in.c in the libgd has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx ...