Potential DoS vulnerability regarding GD and GIF

A place for security related announcements and discussions - please check this forum frequently!
Post Reply
cmb
Posts: 12664
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Potential DoS vulnerability regarding GD and GIF

Post by cmb » Wed Jan 17, 2018 3:38 pm

Hi everybody!

Recently I was pointed to an issue regarding server side image manipulation of GIF images with GD. The PHP manual cautions:
When reading GIF files into memory, only the first frame is returned in the image resource pointer. The size of the image is not necessarily what is reported by getimagesize().
This is easily overlooked and can lead to DoS vulnerabilities if the image is postprocessed by certain GD functions (such as imagecopyresampled()).

I am not aware of any actively maintained CMSimple_XH plugin which manipulates GIF images which have been supplied by unauthenticated users, but Bookstore_XH 1.2 might be affected.
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+

Post Reply