gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
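The affected PHP versions are PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1.
All versions earlier than these have the animated GIF file vulnerability.
If any user who has permission to upload animated GIF files uploads a GIF file containing malicious code, the server will go down.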
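The following added example is not libgd's source and not code from this page. It is a simplified C model of the kind of integer signedness error described above, where a signed error return stored in an unsigned variable means the loop's end test never fires. The names read_block, drain_narrowed and drain_signed and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed inputs: one 3-byte data block, with and without the
   zero-length terminator block that normally ends the stream. */
static const unsigned char COMPLETE[]  = { 3, 'a', 'b', 'c', 0 };
static const unsigned char TRUNCATED[] = { 3, 'a', 'b', 'c' };

struct src { const unsigned char *p; size_t len, pos; };

/* Hypothetical block reader: returns the block length (0..255),
   or -1 when the input ends early. */
static int read_block(struct src *s, unsigned char *out) {
    if (s->pos >= s->len) return -1;
    int n = s->p[s->pos++];
    if (s->len - s->pos < (size_t)n) { s->pos = s->len; return -1; }
    for (int i = 0; i < n; i++) out[i] = s->p[s->pos++];
    return n;
}

/* Flawed: the int result is narrowed to unsigned char, so -1 is stored as
   255 and the "<= 0" end test never sees the error. max_iter bounds the
   demo; returns -1 if the cap is hit (the loop would otherwise spin). */
int drain_narrowed(const unsigned char *d, size_t len, int max_iter) {
    struct src s = { d, len, 0 };
    unsigned char buf[255], count;
    for (int iter = 1; iter <= max_iter; iter++) {
        count = read_block(&s, buf);
        if (count <= 0) return iter;
    }
    return -1;
}

/* Corrected: keep the result in an int so -1 ends the loop.
   Returns the number of reads performed before stopping. */
int drain_signed(const unsigned char *d, size_t len, int max_iter) {
    struct src s = { d, len, 0 };
    unsigned char buf[255];
    for (int iter = 1; iter <= max_iter; iter++) {
        int count = read_block(&s, buf);
        if (count <= 0) return iter;
    }
    return -1;
}

int main(void) {
    printf("complete:  %d %d\n", drain_narrowed(COMPLETE, sizeof COMPLETE, 1000), drain_signed(COMPLETE, sizeof COMPLETE, 1000));
    printf("truncated: %d %d\n", drain_narrowed(TRUNCATED, sizeof TRUNCATED, 1000), drain_signed(TRUNCATED, sizeof TRUNCATED, 1000));
    return 0;
}
```

Both variants behave the same on the complete stream, so the defect only shows up on input that ends early. Building with GCC's or Clang's `-Wconversion` flags the implicit int-to-unsigned-char assignment in `drain_narrowed`.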
For details, see the official PHP site:
https://bugs.php.net/bug.php?id=75571 CONFIRM
http://php.net/ChangeLog-7.php CONFIRM
http://php.net/ChangeLog-5.php CONFIRM
Vulnerability test code