CVE-2018-5711

MEDIUM

Description

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

References

http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

https://access.redhat.com/errata/RHSA-2018:1296

https://access.redhat.com/errata/RHSA-2019:2519

https://bugs.php.net/bug.php?id=75571

https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html

https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html

https://security.gentoo.org/glsa/201903-18

https://usn.ubuntu.com/3755-1/

Details

Source: MITRE

Published: 2018-01-16

Updated: 2019-10-03

Type: CWE-681

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.6.32 (inclusive)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from 7.0.0 to 7.0.26 (inclusive)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 7.1.12 (inclusive)

cpe:2.3:a:php:php:7.2.0:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Tenable Plugins

View all (30 total)

ID	Name	Product	Family	Severity
137966	EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747)	Nessus	Huawei Local Security Checks	critical
134850	Slackware 14.2 / current : gd (SSA:2020-083-01)	Nessus	Slackware Local Security Checks	high
132184	EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)	Nessus	Huawei Local Security Checks	critical
131674	EulerOS 2.0 SP2 : gd (EulerOS-SA-2019-2521)	Nessus	Huawei Local Security Checks	high
129178	EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)	Nessus	Huawei Local Security Checks	high
98824	PHP 5.6.x < 5.6.33 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
123424	GLSA-201903-18 : GD: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
121483	Debian DLA-1651-1 : libgd2 security update	Nessus	Debian Local Security Checks	high
98865	PHP 7.2.x < 7.2.1 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
98858	PHP 7.1.x < 7.1.13 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
98846	PHP 7.0.x < 7.0.27 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
120264	Fedora 28 : gd (2018-1aeac808ce)	Nessus	Fedora Local Security Checks	medium
120015	SUSE SLES12 Security Update : php7 (SUSE-SU-2018:0308-1)	Nessus	SuSE Local Security Checks	medium
120013	SUSE SLES12 Security Update : php5 (SUSE-SU-2018:0216-1)	Nessus	SuSE Local Security Checks	medium
112150	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : GD vulnerabilities (USN-3755-1)	Nessus	Ubuntu Local Security Checks	medium
108836	Fedora 26 : gd (2018-331af74020)	Nessus	Fedora Local Security Checks	medium
108700	Fedora 27 : gd (2018-ba81e4e4a0)	Nessus	Fedora Local Security Checks	medium
108650	SUSE SLES11 Security Update : php53 (SUSE-SU-2018:0806-1)	Nessus	SuSE Local Security Checks	high
106691	Amazon Linux AMI : php56 / php70,php71 (ALAS-2018-946)	Nessus	Amazon Linux Local Security Checks	medium
106586	Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2018-034-01)	Nessus	Slackware Local Security Checks	medium
106550	openSUSE Security Update : php7 (openSUSE-2018-119)	Nessus	SuSE Local Security Checks	medium
106543	openSUSE Security Update : gd (openSUSE-2018-109)	Nessus	SuSE Local Security Checks	medium
106470	SUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2018:0260-1)	Nessus	SuSE Local Security Checks	medium
106439	SUSE SLES11 Security Update : gd (SUSE-SU-2018:0235-1)	Nessus	SuSE Local Security Checks	medium
106434	openSUSE Security Update : php5 (openSUSE-2018-99)	Nessus	SuSE Local Security Checks	medium
106175	Debian DLA-1248-1 : libgd2 security update	Nessus	Debian Local Security Checks	medium
105774	PHP 7.2.x < 7.2.1 Multiple Vulnerabilities	Nessus	CGI abuses	medium
105773	PHP 7.1.x < 7.1.13 Multiple Vulnerabilities	Nessus	CGI abuses	medium
105772	PHP 7.0.x < 7.0.27 Multiple Vulnerabilities	Nessus	CGI abuses	medium
105771	PHP 5.6.x < 5.6.33 Multiple Vulnerabilities	Nessus	CGI abuses	medium