[Secure-testing-team] Bug#887485: libgd2: CVE-2018-5711 Inifinite loop vi crafted gif file
Guido Günther
agx at sigxcpu.org
Wed Jan 17 08:51:23 UTC 2018
Package: libgd2
X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
Severity: important
Tags: security
Hi,
the following vulnerability was published for libgd2.
CVE-2018-5711[0]:
| gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP
| before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x
| before 7.2.1, has an integer signedness error that leads to an infinite
| loop via a crafted GIF file, as demonstrated by a call to the
| imagecreatefromgif or imagecreatefromstring PHP function. This is
| related to GetCode_ and gdImageCreateFromGifCtx.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-5711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711
Please adjust the affected versions in the BTS as needed.
More information about the Secure-testing-team
mailing list