OVAL

ALAS-2018-946

ID: oval:org.secpod.oval:def:1600834
Date: (C)2018-02-12   (M)2018-05-04
Class: PATCH
Family: unix




Reflected XSS in .phar 404 page
An issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Denial of Service via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c
The gd_gif_in.c file in the GD Graphics Library, as used in PHP, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

Platform:
Amazon Linux AMI
Product:
php56
php70
php71
Reference:
ALAS-2018-946
CVE-2018-5712
CVE-2018-5711
CPE (6):
cpe:/a:php:php56
cpe:/a:php:php70
cpe:/a:php:php71
cpe:/a:php:php:7.0.0
...

© SecPod Technologies