Home Original page

Fix DOS vulnerability in gdImageCreateFromGd2Ctx()

Sec Bug #73868 Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
Submitted: 2017-01-05 10:31 UTC Modified: 2017-01-28 23:06 UTC
From: ondrej@php.net Assigned: cmb (profile)
Status: Closed Package: GD related
PHP Version: 5.6.29 OS:
Private report: No CVE-ID: 2016-10167

 [2017-01-05 10:31 UTC] ondrej@php.net

Description:
------------
This is a security sync with GD-2.2

~~~

We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.

Patches

fix-73868 (last revision 2017-01-05 15:53 UTC by cmb@php.net)
0003-Fix-DOS-vulnerability-in-gdImageCreateFromGd2Ctx.patch (last revision 2017-01-05 10:31 UTC by ondrej)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2017-01-05 10:32 UTC] ondrej@php.net

-Type: Bug +Type: Security -Private report: No +Private report: Yes

 [2017-01-05 15:56 UTC] cmb@php.net

fix-73868 fixes a compile issue with Ondřej's patch and also adds
a respective PHPT. It should be applied against PHP-5.6.

 [2017-01-05 19:33 UTC] stas@php.net

-Assigned To: +Assigned To: cmb

 [2017-01-05 19:34 UTC] stas@php.net

Is this bug 7.1 only? If not, the version should be set to the minimal branch this bug happens in (since it's GD I assume it'd be 5.6).

 [2017-01-05 23:07 UTC] cmb@php.net

-PHP Version: 7.1.0 +PHP Version: 5.6.29

 [2017-01-05 23:07 UTC] cmb@php.net

Indeed, this affects PHP 5.6+.

 [2017-01-16 17:08 UTC] ab@php.net

Merged into security repo as cdb648dc4115ce0722f3cc75e6a65115fc0e56ab.

Thanks.

 [2017-01-21 16:54 UTC] cmb@php.net

-Status: Assigned +Status: Closed

 [2017-01-21 16:54 UTC] cmb@php.net

The fix has been released with PHP 5.6.30, 7.0.15 and 7.1.1, so
I'm (dis)closing.

 [2017-01-28 23:06 UTC] cmb@php.net

-CVE-ID: +CVE-ID: 2016-10167