CVE-2018-5711

Description

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

CVSS Metrics

• v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 10.27%• Percentile: 93%

Techniques & Countermeasures

• CWE-681•Incorrect Conversion between Numeric Types

  When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

• CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')

  The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

• canonical•ubuntu_linux

  14.04 | 16.04 | 18.04

• debian•debian_linux

  7.0 | 8.0

• Unknown•PHP

  ≤ 5.6.32 | ≥ 7.0.0, ≤ 7.0.26 | > 7.1.0, ≤ 7.1.12 | 7.2.0

References (11)

• https://bugs.php.net/bug.php?id=75571
• https://usn.ubuntu.com/3755-1/
• https://access.redhat.com/errata/RHSA-2018:1296
• http://php.net/ChangeLog-5.php
• https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
• http://php.net/ChangeLog-7.php
• https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html
• https://security.gentoo.org/glsa/201903-18
• https://access.redhat.com/errata/RHSA-2019:2519
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
• https://www.oracle.com/security-alerts/cpuapr2020.html