On January 22, 2018, a security researcher discovered a DoS vulnerability in the PHP environment. With specially crafted GIF images, the PoC can cause the PHP process to hang and crash, affecting website functions and services. The PoC is public. Because websites developed in PHP use the GD Library for image uploading, we recommend that you stay informed about this vulnerability.
See the following for more information about the vulnerability.
DoS vulnerability in the PHP GD Library
The PoC uploads specially crafted GIF images to exhaust server resources, causing the PHP process to hang and crash and disrupting service.
Condition and method of exploitation
Remote exploitation by using the PoC
Affected versions
- PHP 5 < 5.6.33
- PHP 7.0 < 7.0.27
- PHP 7.1 < 7.1.13
- PHP 7.2 < 7.2.1
Check whether any affected version of PHP is used.
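One way to run this check from a shell, as an added example that is not part of the original advisory: the function classifies a PHP version string against the four ranges listed above. The names php_version_affected and check_local_php are hypothetical, and the check assumes the version string has not been changed by a distribution that backports fixes without bumping the version.

```shell
#!/bin/sh
# Added example (not from the advisory): compare a PHP version string with the
# affected ranges listed above: 5 < 5.6.33, 7.0 < 7.0.27, 7.1 < 7.1.13, 7.2 < 7.2.1.

# Returns 0 if the version is in an affected range, 1 if it is not,
# 2 if the string cannot be parsed.
php_version_affected() {
    # Keep only major.minor.patch; build suffixes such as "-0ubuntu0.16.04.1"
    # or "RC1" are ignored, so treat pre-release builds with care.
    ver=$(printf '%s' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    case "$major.$minor" in
        5.6) fixed=33 ;;
        7.0) fixed=27 ;;
        7.1) fixed=13 ;;
        7.2) fixed=1 ;;
        5.*) return 0 ;;   # every 5.x release before 5.6 is below 5.6.33
        *)   return 1 ;;   # branch not listed in the advisory
    esac
    [ "$patch" -lt "$fixed" ]
}

# Report on the PHP CLI found in PATH and whether its GD extension is loaded.
check_local_php() {
    v=$(php -r 'echo PHP_VERSION;')
    if php -m | grep -qix 'gd'; then gd="loaded"; else gd="not loaded"; fi
    if php_version_affected "$v"; then
        echo "PHP $v is in an affected range (GD $gd): upgrade"
    else
        echo "PHP $v is not in an affected range (GD $gd)"
    fi
    return 0
}

if command -v php >/dev/null 2>&1; then check_local_php; fi
```

The CLI binary can differ from the PHP build that serves web requests (php-fpm or the web server module), so confirm the version of that build as well.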
How to fix or mitigate
PHP has released new versions that fix this vulnerability. You can manually download and install the latest version.
Note: We recommend that you test the upgrade and use an ECS snapshot to back up data before you upgrade.