#VU31834 Out-of-bounds read in PHP


Published: 2015-03-30 | Updated: 2020-07-24

Vulnerability identifier: #VU31834

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-9709

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5,. A remote attacker can perform a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Mitigation
Update to version 5.6.5.

Vulnerable software versions

PHP: 5.6.0 - 5.6.4

External links
http://advisories.mageia.org/MGASA-2015-0040.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2015-1053.html
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://www.debian.org/security/2015/dsa-3215
http://www.mandriva.com/security/advisories?name=MDVSA-2015:153
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/73306
http://www.securitytracker.com/id/1033703
http://www.ubuntu.com/usn/USN-2987-1
http://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
http://bugs.php.net/bug.php?id=68601
http://bugzilla.redhat.com/show_bug.cgi?id=1188639
http://security.gentoo.org/glsa/201606-10
http://security.gentoo.org/glsa/201607-04
http://support.apple.com/HT205267

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for php74
Gentoo update for GD
Out-of-bounds read in gd (Alpine package)
Slackware Linux update for php
Amazon Linux AMI update for php54
Out-of-bounds read in PHP