
[Vulnerability notice] CVE-2018-5711: DoS vulnerability in the PHP GD Library

Last Updated: Apr 08, 2018

On January 22, 2018, a security researcher discovered a DoS vulnerability in the PHP environment. The PoC uses specially crafted GIF images to make the PHP process hang and crash, affecting website functions and services. The PoC is public. Because websites developed in PHP use the GD Library for image uploading, we recommend that you stay informed about this vulnerability.

See the following for more information about the vulnerability.


CVE identifier

CVE-2018-5711

Vulnerability name

DoS vulnerability in the PHP GD Library

Vulnerability rating

High

Vulnerability description

The PoC uploads specially crafted GIF images to exhaust server resources, resulting in the suspension and crash of the PHP process and service disruption.

Condition and method of exploitation

Remote exploitation by using PoC

PoC status

Unpublished

Affected scope

  • PHP 5 < 5.6.33
  • PHP 7.0 < 7.0.27
  • PHP 7.1 < 7.1.13
  • PHP 7.2 < 7.2.1

Vulnerability detection

Check whether any affected version of PHP is used.
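
One way to run this check from a shell, as an added example that is not part of the original notice: it classifies a PHP version string against the "Affected scope" list above. The function names and the sample versions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Fixed releases per branch, taken from the "Affected scope" list:
#   5.x -> 5.6.33, 7.0 -> 7.0.27, 7.1 -> 7.1.13, 7.2 -> 7.2.1

# php_cve_2018_5711_status VERSION (hypothetical helper name)
# Prints "affected", "fixed" or "not-listed"; prints "unparsable" and returns 2
# when VERSION does not start with major.minor.patch.
php_cve_2018_5711_status() {
    # Keep only major.minor.patch; drops package suffixes such as "-0+deb8u1".
    ver=$(printf '%s' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo "unparsable"; return 2; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    case "$major.$minor" in
        5.*)  # every PHP 5 release below 5.6.33 is in scope
            if [ "$minor" -lt 6 ] || { [ "$minor" -eq 6 ] && [ "$patch" -lt 33 ]; }; then
                echo affected
            else
                echo fixed
            fi ;;
        7.0) if [ "$patch" -lt 27 ]; then echo affected; else echo fixed; fi ;;
        7.1) if [ "$patch" -lt 13 ]; then echo affected; else echo fixed; fi ;;
        7.2) if [ "$patch" -lt 1 ];  then echo affected; else echo fixed; fi ;;
        *)   echo not-listed ;;   # branch does not appear in the notice
    esac
}

# check_local_php (hypothetical helper name): classify the PHP CLI on this host
# and report whether the gd extension is loaded. The web server's PHP build can
# differ from the CLI build, so check the one that handles uploads.
check_local_php() {
    command -v php >/dev/null 2>&1 || { echo "php CLI not found"; return 1; }
    v=$(php -r 'echo PHP_VERSION;')
    if php -m | grep -qix 'gd'; then gd=loaded; else gd=absent; fi
    echo "PHP $v: $(php_cve_2018_5711_status "$v") (gd extension: $gd)"
}

# Constructed sample versions, not taken from any real host.
for v in 5.6.32 5.6.33 7.0.26 7.1.13 7.2.0 5.6.30-0+deb8u1; do
    printf '%-18s %s\n' "$v" "$(php_cve_2018_5711_status "$v")"
done
```

Distribution packages can carry a backported fix under an older upstream version number, so an "affected" result on a distribution build should be confirmed against the package changelog.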

How to fix or mitigate

PHP has released updated versions that fix this vulnerability. You can manually download and install the latest version.

Note: We recommend that you perform a test and use an ECS snapshot to back up data before the upgrade.

Reference

[1]. http://blog.orange.tw/2018/01/php-cve-2018-5711-hanging-websites-by.html
[2]. http://php.net/
