CVE-2018-5711 — Incorrect Conversion between Numeric Types in Libgd2

CWE-681 — Incorrect Conversion between Numeric Types CWE-835 — Infinite Loop10 documents8 sources

Severity

5.5MEDIUMNVD

OSV8.8

EPSS

7.8%

top 8.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libgd2 PHP Canonical Ubuntu Linux +1 more

Timeline

PublishedJan 16

Latest updateMay 13

Description

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/libgd2< libgd2 2.2.5-4.1 (bookworm)

▶NVDphp/php7.0.0 — 7.0.26+3

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: bugs.php.net ↗Patch: bugs.php.net ↗

🔴Vulnerability Details

GHSA

GHSA-qwqg-rff2-45cw: gd_gif_in↗2022-05-13

▶

OSV

libgd2 vulnerabilities↗2018-08-27

▶

OSV

CVE-2018-5711: gd_gif_in↗2018-01-16

▶

📋Vendor Advisories

Ubuntu

GD vulnerabilities↗2018-08-27

▶

Debian

CVE-2018-5711: libgd2 - gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33...↗2018

▶

Red Hat

gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c↗2017-11-25

▶

💬Community

HackerOne

Potential infinite loop in gdImageCreateFromGifCtx!↗2019-11-12

▶

Bugzilla

CVE-2018-5711 php: gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c [fedora-all]↗2018-01-16

▶

Bugzilla

CVE-2018-5711 gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c↗2018-01-16

▶