gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference that allows attackers to crash an application via a specific function call sequence. PHP is affected only when it is linked with an external libgd, not when it uses its bundled copy.
{ "vanir_signatures": [ { "deprecated": false, "source": "https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f", "target": { "file": "src/gd.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "101596286683791141158940098408006981970", "57027709968180314751806798402433430148", "219751563406889302728145834431736606265", "269005566747141311857741952118440894727", "7920834115374501717266888308718827631", "114995183731647994804863226759030143018", "137350249030089037543778813862820402485", "314141834951349117205344496345660421666", "60860856782584586368952408655708045654", "22725740368233869882587282633583529125", "240501142895742632411135257526459398233", "181974805664716321179466111885354045082", "73748466374182154486630270515923290986", "126852781156425569605314939158155997220" ] }, "id": "CVE-2018-14553-6de27c33", "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "source": "https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f", "target": { "function": "gdImageClone", "file": "src/gd.c" }, "digest": { "function_hash": "129339956977801164261072113179957572465", "length": 2608.0 }, "id": "CVE-2018-14553-c9b36c9d", "signature_version": "v1", "signature_type": "Function" } ] }