It is easy to trigger in web application if the web use GD as its image library.
For example, It can be triggered if a website resize the user-uploaded GIF, and ALL PHP version are affected!

Original bug report

https://bugs.php.net/bug.php?id=75571

Note

CVE-2018-5711 assigned

Thanks :)

Impact

A malicious GIF can trigger an infinite loop and lead to exhausted the server resource!

nessus 33

fedora 5

osv 5

seebug 1

openvas 24

prion 1

veracode 2

ubuntucve 1

cve 1

nvd 1

cvelist 1

debian 2

debiancve 1

redhatcve 1

alpinelinux 1

f5 1

amazon 1

cloudfoundry 1

mageia 1

ubuntu 1

slackware 2

photon 1

gentoo 1

ibm 2

suse 1

redhat 2

rosalinux 1

oracle 1

nessus

Fedora 27 : gd (2018-ba81e4e4a0)

2018-03-29 00:00:00

Fedora 28 : gd (2018-1aeac808ce)

2019-01-03 00:00:00

SUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2018:0260-1)

2018-01-30 00:00:00

fedora

[SECURITY] Fedora 27 Update: gd-2.2.5-3.fc27

2018-03-28 23:51:17

[SECURITY] Fedora 26 Update: gd-2.2.5-2.fc26

2018-04-04 16:48:02

[SECURITY] Fedora 28 Update: gd-2.2.5-3.fc28

2018-04-04 15:54:13

osv

CVE-2018-5711

2018-01-16 09:29:00

libgd2 - security update

2018-01-19 00:00:00

libgd2 - security update

2019-01-30 00:00:00

seebug

PHP CVE-2018-5711 - Hanging Websites by a Harmful GIF

2018-02-02 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2018:0260-1)

2021-04-19 00:00:00

Fedora Update for gd FEDORA-2018-331af74020

2018-04-06 00:00:00

Debian: Security Advisory (DLA-1248-1)

2018-01-21 00:00:00

prion

Integer overflow

2018-01-16 09:29:00

veracode

Denial Of Service (DoS) Through Infinite Loop

2019-05-16 03:00:00

Use After Free

2019-05-16 02:59:58

ubuntucve

CVE-2018-5711

2018-01-16 00:00:00

cve

CVE-2018-5711

2018-01-16 09:29:00

nvd

CVE-2018-5711

2018-01-16 09:29:00

cvelist

CVE-2018-5711

2018-01-16 09:00:00

debian

[SECURITY] [DLA 1248-1] libgd2 security update

2018-01-19 04:58:18

[SECURITY] [DLA 1651-1] libgd2 security update

2019-01-30 20:45:03

debiancve

CVE-2018-5711

2018-01-16 09:29:00

redhatcve

CVE-2018-5711

2019-12-28 03:41:54

alpinelinux

CVE-2018-5711

2018-01-16 09:29:00

K43223005 : PHP vulnerability CVE-2018-5711

2018-02-06 00:00:00

amazon

Medium: php56, php70, php71

2018-02-07 17:10:00

cloudfoundry

USN-3755-1: GD vulnerabilities | Cloud Foundry

2018-09-11 00:00:00

mageia

Updated libgd packages fix security vulnerabilities

2018-09-02 22:07:30

ubuntu

GD vulnerabilities

2018-08-27 00:00:00

slackware

[slackware-security] php

2018-02-04 07:16:29

[slackware-security] gd

2020-03-23 20:45:50

photon

Moderate Photon OS Security Update - PHSA-2023-3.0-0612

2023-07-13 00:00:00

gentoo

GD: Multiple vulnerabilities

2019-03-28 00:00:00

ibm

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in php

2018-07-27 01:22:37

Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018

2019-01-28 17:05:01

suse

Security update for php53 (important)

2018-03-26 15:08:04

redhat

(RHSA-2019:2519) Moderate: rh-php71-php security, bug fix, and enhancement update

2019-08-19 08:09:18

(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update

2018-05-03 03:21:11

rosalinux

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45

oracle

Oracle Critical Patch Update Advisory - April 2020

2020-04-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.002 Low

EPSS

Percentile

62.0%

JSON

Related for H1:305972