php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73504 System frozen - DOS
Submitted: 2016-11-12 10:21 UTC Modified: 2016-11-12 14:08 UTC
From: honor dot ston3 at gmail dot com Assigned: cmb (profile)
Status: Not a bug Package: GD related
PHP Version: 5.6.28 OS: *nix
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: honor dot ston3 at gmail dot com
New email:
PHP Version: OS:

 

 [2016-11-12 10:21 UTC] honor dot ston3 at gmail dot com 
Description:
------------
Hello,

I tested below code and system frozen. System bloked. DOS ...
Pls contact me for payload file.

Author: Onur TAŞLIOĞLU

Test script:
---------------
<?php
$png = imagecreatefromgd2($argv[1]);
imagegif($png, './php.gif');
imagedestroy($png);
?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-11-12 10:56 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2016-11-12 10:56 UTC] cmb@php.net 
Also reported as <https://github.com/libgd/libgd/issues/340>.
 [2016-11-12 13:28 UTC] cmb@php.net
-Status: Assigned +Status: Not a bug
 [2016-11-12 13:28 UTC] cmb@php.net 
This is solely a libgd issue, and PHP's bundled libgd is not affected,
so I'm closing this ticket as not-a-bug.
 [2016-11-12 13:54 UTC] honor dot stone3 at gmail dot com 
NOT A BUG? :)

My test script:

<?php
$png = imagecreatefromgd2($argv[1]);
imagegif($png, './php.gif');
imagedestroy($png);
?>

Please try above code with my payload.
Why closed ticket? Try please.
 [2016-11-12 14:08 UTC] cmb@php.net 
I had tested your script with the payload with PHP's bundled libgd, and
this is not affected, so this is not a bug in PHP.

It is, of course, a bug in libgd, what I've already acknowledged[1].

[1] <https://github.com/libgd/libgd/issues/340>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 16:01:28 2024 UTC