All Products
Document Center

[Vulnerability notice] CVE-2018-5711: DoS vulnerability in the PHP GD Library

Last Updated: Jan 13, 2020

On January 22, 2018, a security researcher discovered a DoS vulnerability in the PHP environment. The PoC can trigger the suspension and crash of the PHP process with specially crafted GIF images, affecting website functions and services. The PoC is public. Because websites developed in PHP use the GD Library for image uploading, we recommend that you keep yourself updated with this vulnerability.

See the following for more information about the vulnerability.

CVE identifier


Vulnerability name

DoS vulnerability in the PHP GD Library

Vulnerability rating


Vulnerability description

The PoC uploads specially crafted GIF images to exhaust server resources, resulting in the suspension and crash of the PHP process and service disruption.

Condition and method of exploitation

Remote exploitation by using PoC

PoC status


Affected scope

  • PHP 5 < 5.6.33
  • PHP 7.0 < 7.0.27
  • PHP 7.1 < 7.1.13
  • PHP 7.2 < 7.2.1

Vulnerability detection

Check whether any affected version of PHP is used.

How to fix or mitigate

PHP has released the latest version to fix this vulnerability. You can manually download and install the latest version.

Note: We recommend that you perform a test and use ECS snapshot to back up data before the upgrade.