OVAL

ALAS-2018-946

ID: oval:org.secpod.oval:def:1600834
Date: (C)2018-02-12   (M)2018-02-12
Class: PATCH
Family: unix




Reflected XSS in .phar 404 page
An issue was discovered in PHP; there is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Denial of Service via infinite loop in libgd gdImageCreateFromGifCtx function in ext/gd/libgd/gd_gif_in.c
The gd_gif_in.c file in the GD Graphics Library, as used in PHP, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

Platform:
Amazon Linux AMI
Product:
php56
php70
php71
Reference:
ALAS-2018-946
CVE-2018-5712
CVE-2018-5711
CVE    2
CVE-2018-5712
CVE-2018-5711
CPE    6
cpe:/a:php:php56
cpe:/a:php:php70
cpe:/a:php:php71
cpe:/o:amazon:linux
...
