CVE-2018-5711

Sažetak

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

Reference

https://bugs.php.net/bug.php?id=75571
http://php.net/ChangeLog-7.php
http://php.net/ChangeLog-5.php
https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html
https://access.redhat.com/errata/RHSA-2018:1296
https://usn.ubuntu.com/3755-1/
https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
https://security.gentoo.org/glsa/201903-18
https://access.redhat.com/errata/RHSA-2019:2519
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

07-11-2023 - 02:58

Objavljeno

16-01-2018 - 09:29