Bug 1260748 - php: getimagesize() fails for very large WBMP causing an integer overflow
php: getimagesize() fails for very large WBMP causing an integer overflow
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20150712,reported=2...
: Security
Depends On: 1260762
Blocks: 1260756
  Show dependency treegraph
 
Reported: 2015-09-07 11:24 EDT by Adam Mariš
Modified: 2016-03-04 06:57 EST (History)
15 users (show)

See Also:
Fixed In Version: php 5.6.13
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-28 08:57:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Mariš 2015-09-07 11:24:22 EDT
An integer overflow occurs when the size of the supplied WBMP is greater than (2^31-1) resulting in invalid WBMPs returning a "valid" response, which circumvents the size limitation. Very small WBMP (less than 12 bytes) cause a read error and are not recognized.

Upstream report:

https://bugs.php.net/bug.php?id=70052

Upstream patch:

http://git.php.net/?p=php-src.git;a=commit;h=87829c09a1d9e39bee994460d7ccf19dd20eda14
Comment 1 Adam Mariš 2015-09-07 12:13:39 EDT
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1260762]
Comment 2 Fedora Update System 2015-09-14 18:19:56 EDT
php-5.6.13-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2015-09-14 19:19:02 EDT
php-5.6.13-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2015-09-18 14:43:25 EDT
php-5.6.13-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Tomas Hoger 2015-09-28 08:57:56 EDT
It does not seem any security impact of this bug has been demonstrated.  Not handling as security flaw.

Note You need to log in before you can comment on or make changes to this bug.