php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #73868 Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
Submitted: 2017-01-05 10:31 UTC Modified: 2017-01-28 23:06 UTC
From: ondrej@php.net Assigned: cmb (profile)
Status: Closed Package: GD related
PHP Version: 5.6.29 OS:
Private report: No CVE-ID: 2016-10167
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ondrej@php.net
New email:
PHP Version: OS:

 

 [2017-01-05 10:31 UTC] ondrej@php.net
Description:
------------
This is a security sync with GD-2.2

~~~

We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.



Patches

fix-73868 (last revision 2017-01-05 15:53 UTC by cmb@php.net)
0003-Fix-DOS-vulnerability-in-gdImageCreateFromGd2Ctx.patch (last revision 2017-01-05 10:31 UTC by ondrej)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-05 10:32 UTC] ondrej@php.net
-Type: Bug +Type: Security -Private report: No +Private report: Yes
 [2017-01-05 15:53 UTC] cmb@php.net
The following patch has been added/updated:

Patch Name: fix-73868
Revision:   1483631603
URL:        https://bugs.php.net/patch-display.php?bug=73868&patch=fix-73868&revision=1483631603
 [2017-01-05 15:56 UTC] cmb@php.net
fix-73868 fixes a compile issue with Ondřej's patch and also adds
a respective PHPT. It should be applied against PHP-5.6.
 [2017-01-05 19:33 UTC] stas@php.net
-Assigned To: +Assigned To: cmb
 [2017-01-05 19:34 UTC] stas@php.net
Is this bug 7.1 only? If not, the version should be set to the minimal branch this bug happens in (since it's GD I assume it'd be 5.6).
 [2017-01-05 23:07 UTC] cmb@php.net
-PHP Version: 7.1.0 +PHP Version: 5.6.29
 [2017-01-05 23:07 UTC] cmb@php.net
Indeed, this affects PHP 5.6+.
 [2017-01-16 17:08 UTC] ab@php.net
Merged into security repo as cdb648dc4115ce0722f3cc75e6a65115fc0e56ab.

Thanks.
 [2017-01-21 16:54 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2017-01-21 16:54 UTC] cmb@php.net
The fix has been released with PHP 5.6.30, 7.0.15 and 7.1.1, so
I'm (dis)closing.
 [2017-01-28 23:06 UTC] cmb@php.net
-CVE-ID: +CVE-ID: 2016-10167
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Oct 12 07:01:28 2024 UTC