PT-2018-1886 · Php+4
Published: 2018-01-08 · Updated: 2024-06-15
CVE-2018-5711
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
GD Graphics Library (libgd) versions prior to 2.2.5, as used in PHP versions prior to 5.6.33, 7.0.x prior to 7.0.27, 7.1.x prior to 7.1.13, and 7.2.x prior to 7.2.1
Description
The issue is an integer signedness error in the gd_gif_in.c file of the GD Graphics Library, which can lead to an infinite loop when processing a crafted GIF file. This can be triggered by a call to the imagecreatefromgif or imagecreatefromstring PHP function, which utilizes the gdImageCreateFromGifCtx function. The error can be exploited by a remote attacker to cause a denial of service using a specially crafted GIF file.
Recommendations
For PHP versions prior to 5.6.33, update to version 5.6.33 or later.
For PHP 7.0.x versions prior to 7.0.27, update to version 7.0.27 or later.
For PHP 7.1.x versions prior to 7.1.13, update to version 7.1.13 or later.
For PHP 7.2.x versions prior to 7.2.1, update to version 7.2.1 or later.
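The version thresholds above, turned into a host check; this is an added example, not code from the advisory or from the PHP project. The function names and the sample rows are constructed, and the split between bundled and system libgd assumes that a PHP build linked against a system libgd is fixed by the library package rather than by the PHP release.

```php
<?php
// Added example. Fixed releases per branch are the ones listed in the advisory.
// No type hints, so the script also runs on the old 5.6 hosts being audited.

function php_branch_affected($phpVersion)
{
    $fixed = ['5.6' => '5.6.33', '7.0' => '7.0.27', '7.1' => '7.1.13', '7.2' => '7.2.1'];
    // Keep major.minor.patch only; drops suffixes such as "-0ubuntu0.16.04.1".
    if (!preg_match('/^(\d+)\.(\d+)\.(\d+)/', $phpVersion, $m)) {
        return null; // unparseable: report as unknown, never as safe
    }
    $core = $m[1] . '.' . $m[2] . '.' . $m[3];
    $branch = $m[1] . '.' . $m[2];
    if (array_key_exists($branch, $fixed)) {
        return version_compare($core, $fixed[$branch], '<');
    }
    // Branches older than 5.6 are "prior to 5.6.33"; later branches are not listed.
    return version_compare($core, '5.6.33', '<');
}

function gif_loop_exposure($phpVersion, $gdLoaded, $gdBundled, $gdVersion)
{
    if (!$gdLoaded) {
        return 'not exposed: gd extension not loaded';
    }
    if ($gdBundled) {
        // Assumption: bundled libgd is patched with PHP, so the PHP release decides.
        $affected = php_branch_affected($phpVersion);
        if ($affected === null) {
            return 'unknown: cannot parse PHP version';
        }
        return $affected ? 'affected: bundled libgd, unfixed PHP' : 'fixed: bundled libgd, fixed PHP';
    }
    // System libgd: compare with the 2.2.5 threshold stated in the advisory.
    // Distribution packages may backport the fix without changing this number.
    return version_compare($gdVersion, '2.2.5', '<')
        ? 'affected per advisory: system libgd ' . $gdVersion . ', confirm package changelog'
        : 'not listed as affected: system libgd ' . $gdVersion;
}

// Current runtime. GD_BUNDLED and GD_VERSION exist only when gd is loaded.
$loaded = extension_loaded('gd');
echo 'this host => ', gif_loop_exposure(PHP_VERSION, $loaded, $loaded && GD_BUNDLED, $loaded ? GD_VERSION : ''), "\n";

// Constructed inventory rows: [php version, gd loaded, gd bundled, libgd version].
$samples = [['5.6.32', true, true, '2.1.0'], ['7.1.13', true, true, '2.1.0'],
            ['7.0.26-0ubuntu0.16.04.1', true, false, '2.1.1'], ['7.2.0', false, false, '']];
foreach ($samples as $s) {
    echo $s[0], ' => ', gif_loop_exposure($s[0], $s[1], $s[2], $s[3]), "\n";
}
```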
As a temporary workaround, consider avoiding the use of the imagecreatefromgif and imagecreatefromstring PHP functions until a patch is available.
Exploit
Fix
Infinite Loop
Resource Exhaustion
Related identifiers
Affected products
Alt Linux
Gd Graphics Library
Php
Suse
Ubuntu