CVE-2018-5711

Опубликовано: 25 нояб. 2017

Источник: redhat

CVSS3: 4.3

Описание

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

Отчет

This vulnerability is rated as low severity because it causes an infinite loop, resulting in a denial of service, while it can exhaust server resources and impact availability, it does not pose a threat to system security or integrity.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	libwmf	Not affected
Red Hat Enterprise Linux 5	php	Will not fix
Red Hat Enterprise Linux 5	php53	Will not fix
Red Hat Enterprise Linux 6	gd	Out of support scope
Red Hat Enterprise Linux 6	libwmf	Not affected
Red Hat Enterprise Linux 6	php	Will not fix
Red Hat Enterprise Linux 7	gd	Fix deferred
Red Hat Enterprise Linux 7	libwmf	Not affected
Red Hat Enterprise Linux 7	php	Will not fix
Red Hat Enterprise Linux 8	gd	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=1535246gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2018-5711

CVSS3: 5.5

ubuntu

больше 7 лет назад

CVE-2018-5711

CVSS3: 5.5

nvd

больше 7 лет назад

CVE-2018-5711

CVSS3: 5.5

debian

больше 7 лет назад

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP bef ...

openSUSE-SU-2018:0316-1

suse-cvrf

больше 7 лет назад

Security update for gd

SUSE-SU-2018:0260-1

suse-cvrf

больше 7 лет назад

Security update for gd

4.3 Medium

CVSS3