CVE-2018-5711
- Source
- https://cve.org/CVERecord?id=CVE-2018-5711
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5711.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-5711
- Downstream
- Related
- Published
- 2018-01-16T09:29:00.577Z
- Modified
- 2026-04-16T06:17:58.457806141Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
gdgifin.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- https://access.redhat.com/errata/RHSA-2018:1296
- https://access.redhat.com/errata/RHSA-2019:2519
- https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
- https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html
- https://security.gentoo.org/glsa/201903-18
- https://usn.ubuntu.com/3755-1/
- https://bugs.php.net/bug.php?id=75571
Affected packages
Git / github.com/php/php-src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "5.6.32" }, { "introduced": "7.0.0" }, { "last_affected": "7.0.26" }, { "introduced": "0" }, { "last_affected": "7.1.12" }, { "introduced": "0" }, { "last_affected": "7.2.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "8.0" } ] }
Affected versions
Other
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
l
php-5.*
php-5.6.32
php-7.*
php-7.0.0
php-7.0.26
php-7.0.26RC1
php-7.1.12
php-7.1.12RC1
php-7.2.0
php-8.*
php-8.0.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5711.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
}
]