Signature Detail

HTTP: PHP GD Graphics Library Memory Corruption

This signature detects attempts to exploit a known vulnerability against PHP GD Graphics Library. A successful attack can lead to arbitrary code execution.

Extended Description

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

Affected Products

• Canonical ubuntu_linux 14.04
• Canonical ubuntu_linux 16.04
• Canonical ubuntu_linux 18.04
• Debian debian_linux 7.0
• Debian debian_linux 8.0
• Php php 5.6.32
• Php php 7.0.0
• Php php 7.0.1
• Php php 7.0.10
• Php php 7.0.11
• Php php 7.0.12
• Php php 7.0.13
• Php php 7.0.14
• Php php 7.0.15
• Php php 7.0.16
• Php php 7.0.17
• Php php 7.0.18
• Php php 7.0.19
• Php php 7.0.2
• Php php 7.0.20
• Php php 7.0.21
• Php php 7.0.22
• Php php 7.0.23
• Php php 7.0.24
• Php php 7.0.25
• Php php 7.0.26
• Php php 7.0.3
• Php php 7.0.4
• Php php 7.0.5
• Php php 7.0.6
• Php php 7.0.7
• Php php 7.0.8
• Php php 7.0.9
• Php php 7.1.1
• Php php 7.1.10
• Php php 7.1.11
• Php php 7.1.12
• Php php 7.1.2
• Php php 7.1.3
• Php php 7.1.4
• Php php 7.1.5
• Php php 7.1.6
• Php php 7.1.7
• Php php 7.1.8
• Php php 7.1.9
• Php php 7.2.0

References

• CVE: CVE-2018-5711