CVE-2018-5711

NameCVE-2018-5711
Descriptiongd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1248-1, DSA-4080-1, DSA-4081-1
NVD severitymedium (attack range: remote)
Debian Bugs887485

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
hhvm (PTS)buster, sid3.24.7+dfsg-2fixed
libgd2 (PTS)jessie (security), jessie2.1.0-5+deb8u11vulnerable
stretch (security), stretch2.2.4-2+deb9u2vulnerable
buster, sid2.2.5-4vulnerable
php5 (PTS)jessie5.6.33+dfsg-0+deb8u1fixed
jessie (security)5.6.36+dfsg-0+deb8u1fixed
php7.0 (PTS)stretch (security), stretch7.0.30-0+deb9u1fixed
buster, sid7.0.31-1fixed
php7.1 (PTS)buster, sid7.1.20-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
hhvmsource(unstable)3.24.7+dfsg-1medium
libgd2source(unstable)(unfixed)medium887485
libgd2sourcewheezy2.0.36~rc1~dfsg-6.1+deb7u11mediumDLA-1248-1
php5source(unstable)(unfixed)unimportant
php5sourcejessie5.6.33+dfsg-0+deb8u1mediumDSA-4081-1
php7.0source(unstable)7.0.27-1unimportant
php7.0sourcestretch7.0.27-0+deb9u1mediumDSA-4080-1
php7.1source(unstable)7.1.13-1unimportant

Notes

Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
PHP Bug: https://bugs.php.net/bug.php?id=75571
https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
[stretch] - libgd2 <postponed> (Minor issue, can be fixed along in a future update)
[jessie] - libgd2 <postponed> (Minor issue, can be fixed along in a future update)
https://github.com/libgd/libgd/issues/420
https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04

Search for package or bug name: Reporting problems