| Name | CVE-2018-5711 |
| Description | gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-1248-1, DLA-1651-1, DSA-4080-1, DSA-4081-1 |
| Debian Bugs | 887485 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| libgd2 (PTS) | buster | 2.2.5-5.2 | fixed |
| buster (security) | 2.2.5-5.2+deb10u1 | fixed | |
| bullseye | 2.3.0-2 | fixed | |
| sid, trixie, bookworm | 2.3.3-9 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| hhvm | source | (unstable) | 3.24.7+dfsg-1 | |||
| libgd2 | source | wheezy | 2.0.36~rc1~dfsg-6.1+deb7u11 | DLA-1248-1 | ||
| libgd2 | source | jessie | 2.1.0-5+deb8u12 | DLA-1651-1 | ||
| libgd2 | source | stretch | 2.2.4-2+deb9u3 | |||
| libgd2 | source | (unstable) | 2.2.5-4.1 | 887485 | ||
| php5 | source | jessie | 5.6.33+dfsg-0+deb8u1 | DSA-4081-1 | ||
| php5 | source | (unstable) | (unfixed) | unimportant | ||
| php7.0 | source | stretch | 7.0.27-0+deb9u1 | DSA-4080-1 | ||
| php7.0 | source | (unstable) | 7.0.27-1 | unimportant | ||
| php7.1 | source | (unstable) | 7.1.13-1 | unimportant |
Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
PHP Bug: https://bugs.php.net/bug.php?id=75571
https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
https://github.com/libgd/libgd/issues/420
https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04