CVE-2018-5711

MEDIUM

GD Graphics Library <7.2.1 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-5711. PoCs published by huzhenghui.

AI-analyzed exploit summary: This Dockerfile sets up a PHP 7.2.0 environment and downloads a pre-compiled exploit (poc.gif) for CVE-2018-5711, a use-after-free vulnerability in PHP's GD library. The exploit is fetched from a GitHub raw content URL and converted from hexdump format using xxd.

Description

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

Exploits (2)

nomisec WORKING POC 2 stars
by huzhenghui · poc
https://github.com/huzhenghui/Test-7-2-0-PHP-CVE-2018-5711

This Dockerfile sets up a PHP 7.2.0 environment and downloads a pre-compiled exploit (poc.gif) for CVE-2018-5711, a use-after-free vulnerability in PHP's GD library. The exploit is fetched from a GitHub raw content URL and converted from hexdump format using xxd.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PHP 7.2.0 with GD extension
No auth needed
Prerequisites: PHP 7.2.0 with GD extension enabled · Ability to execute arbitrary files on the target system
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by huzhenghui · poc
https://github.com/huzhenghui/Test-7-2-1-PHP-CVE-2018-5711

This Dockerfile sets up a PHP 7.2.1 environment and downloads a pre-built exploit (poc.gif) for CVE-2018-5711, a vulnerability in PHP's GD library. The exploit is likely a crafted image file that triggers a buffer overflow or memory corruption when processed.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PHP 7.2.1 with GD library
No auth needed
Prerequisites: PHP 7.2.1 with GD extension enabled · Ability to upload or process malicious image files
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://bugs.php.net/bug.php?id=75571
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3755-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1296
Release Notes, Vendor Advisory x_refsource_confirm
http://php.net/ChangeLog-5.php
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
Release Notes, Vendor Advisory x_refsource_confirm
http://php.net/ChangeLog-7.php
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201903-18
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2519

Scores

CVSS v3 5.5
EPSS 0.1345
EPSS Percentile 95.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE: CWE-681, CWE-835
Status published
Products (7)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
debian/debian_linux 7.0
debian/debian_linux 8.0
php/php 7.2.0
php/php < 5.6.32
Published Jan 16, 2018
Tracked Since Feb 18, 2026