Bug #73504 System frozen - DOS
Submitted: 2016-11-12 10:21 UTC Modified: 2016-11-12 14:08 UTC
From: honor dot ston3 at gmail dot com Assigned: cmb (profile)
Status: Not a bug Package: GD related
PHP Version: 5.6.28 OS: *nix
Private report: No CVE-ID: None

 

 [2016-11-12 10:21 UTC] honor dot ston3 at gmail dot com
Description:
------------
Hello,

I tested the code below and the system froze. System blocked. DoS ...
Please contact me for the payload file.

Author: Onur TAŞLIOĞLU

Test script:
---------------
<?php
$png = imagecreatefromgd2($argv[1]);
imagegif($png, './php.gif');
imagedestroy($png);
?>



 [2016-11-12 10:56 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2016-11-12 10:56 UTC] cmb@php.net
Also reported as <https://github.com/libgd/libgd/issues/340>.
 [2016-11-12 13:28 UTC] cmb@php.net
-Status: Assigned +Status: Not a bug
 [2016-11-12 13:28 UTC] cmb@php.net
This is solely a libgd issue, and PHP's bundled libgd is not affected,
so I'm closing this ticket as not-a-bug.
 [2016-11-12 13:54 UTC] honor dot stone3 at gmail dot com
NOT A BUG? :)

My test script:

<?php
$png = imagecreatefromgd2($argv[1]);
imagegif($png, './php.gif');
imagedestroy($png);
?>

Please try the above code with my payload.
Why was the ticket closed? Please try it.
 [2016-11-12 14:08 UTC] cmb@php.net
I had tested your script with the payload with PHP's bundled libgd, and
this is not affected, so this is not a bug in PHP.

It is, of course, a bug in libgd, which I've already acknowledged[1].

[1] <https://github.com/libgd/libgd/issues/340>
 
Last updated: Fri May 09 21:01:27 2025 UTC