Lucene search
K

php-gd 'gdxpm.c'空指针拒绝服务漏洞

🗓️ 17 Mar 2014 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 103 Views

php-gd 'gdxpm.c'空指针拒绝服务漏

Related
Code

                                                php > imagecreatefromxpm("monochome-poc.xpm");

(gdb) p colorTable[0]
$2 = {string = 0x7fa6cec524c0 "A", symbolic = 0x0, m_color = 0x0, g4_color = 0x0, g_color = 0x0, c_color = 0x7fa6cec58650 "#FFFFFF"}
(gdb) p colorTable[1]
$3 = {string = 0x7fa6cec58670 "B", symbolic = 0x0, m_color = 0x0, g4_color = 0x0, g_color = 0x0, c_color = 0x7fa6cec58690 "#CCCCCC"}
(gdb) p colorTable[2]
$4 = {string = 0x7fa6cec586b0 "C", symbolic = 0x0, m_color = 0x0, g4_color = 0x0, g_color = 0x0, c_color = 0x7fa6cec586d0 "#999999"}
(gdb) p colorTable[3]
$5 = {string = 0x7fa6cec586f0 "D", symbolic = 0x0, m_color = 0x7fa6cec58710 "#666666", g4_color = 0x0, g_color = 0x0, c_color = 0x0}
(gdb) p colorTable[4]
$6 = {string = 0x7fa6cec58730 "E", symbolic = 0x0, m_color = 0x0, g4_color = 0x0, g_color = 0x0, c_color = 0x7fa6cec58750 "#333333"}
(gdb) p colorTable[5]
$7 = {string = 0x7fa6cec58770 "F", symbolic = 0x0, m_color = 0x0, g4_color = 0x0, g_color = 0x0, c_color = 0x7fa6cec58790 "#000000"}
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2_pminub () at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39
39		movdqu	(%rdi), %xmm1
(gdb) bt
#0  __strlen_sse2_pminub () at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39
#1  0x00007f009474942a in gdImageCreateFromXpm (filename=<optimized out>) at /usr/src/debug/php-5.4.17/ext/gd/libgd/gdxpm.c:42
#2  0x00007f009473d2c2 in _php_image_create_from (ht=<optimized out>, return_value=0x7f00a169be98, image_type=6, tn=0x7f0094753c00 "XPM", func_p=0x7f0094749340 <gdImageCreateFromXpm>, 
    ioctx_func_p=<optimized out>, return_value_used=<optimized out>, this_ptr=<optimized out>, return_value_ptr=<optimized out>) at /usr/src/debug/php-5.4.17/ext/gd/gd.c:2534
#3  0x00007f00a19e5181 in zend_do_fcall_common_helper_SPEC (execute_data=0x7f00a1665060) at /usr/src/debug/php-5.4.17/Zend/zend_vm_execute.h:643
#4  0x00007f00a199f017 in execute (op_array=0x7f00a169acf8) at /usr/src/debug/php-5.4.17/Zend/zend_vm_execute.h:410
#5  0x00007f00a1932976 in zend_eval_stringl (str=str@entry=0x7f00a1699c88 "imagecreatefromxpm(\"0day/zero-day2.xpm\");\n", str_len=str_len@entry=42, retval_ptr=retval_ptr@entry=0x0, 
    string_name=string_name@entry=0x7f00a1a0cbdf "php shell code") at /usr/src/debug/php-5.4.17/Zend/zend_execute_API.c:1197
#6  0x00007f00a181fcdf in readline_shell_run () at /usr/src/debug/php-5.4.17/ext/readline/readline_cli.c:664
#7  0x00007f00a19e78c4 in do_cli (argc=2, argv=0x7ffff35fc268) at /usr/src/debug/php-5.4.17/sapi/cli/php_cli.c:986
#8  0x00007f00a179ea9a in main (argc=2, argv=0x7ffff35fc268) at /usr/src/debug/php-5.4.17/sapi/cli/php_cli.c:1364
                              

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Mar 2014 00:00Current
7.9High risk
Vulners AI Score7.9
EPSS0.22319
103