vulnerability
Amazon Linux AMI: CVE-2018-5711: Security patch for php56, php70, php71 (ALAS-2018-946)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Jan 16, 2018 | Feb 9, 2018 | Apr 16, 2020 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Jan 16, 2018
Added
Feb 9, 2018
Modified
Apr 16, 2020
Description
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
Solutions
amazon-linux-upgrade--php70amazon-linux-upgrade--php71amazon-linux-upgrade-php56
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.