CVE-2017-4239 - "Zero-Day" in PHP's GD Library

UNKNOWN No Patch (2837 days)

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The GD library is a graphics and image processing extension for PHP. It allows developers to create images and manipulate them using various functions. The vulnerability discovered in this CVE affects the way GD handles certain types of input, allowing an attacker to execute arbitrary code on a server.

Am I affected?

You're affected if you use PHP versions 5.6.20 through 7.1.13 or 7.2.0-7.2.10.
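Check whether GD is enabled with: grep -r "gd" php.ini (run it against the php.ini your server actually loads; a match only shows that GD is referenced in the configuration, not which PHP version is installed)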

Note that this CVE is similar to another vulnerability in the GD library, but it has different impact and exploitation details.
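
A version-range check for the ranges listed above, as an added example that is not part of the original page. The function names and the --check flag are this script's own, and it inspects only the CLI php binary, which can differ from the PHP build serving web requests.

```shell
#!/bin/sh
# Added example: compares a PHP version against the ranges quoted on this page
# (5.6.20 through 7.1.13, and 7.2.0 through 7.2.10). Names are illustrative.

# Convert "major.minor.patch[-suffix]" to a comparable integer (7.1.13 -> 70113).
ver_to_int() {
    # Strip distro or RC suffixes such as "-0ubuntu0.18.04.1" before splitting.
    printf '%s\n' "${1%%[!0-9.]*}" |
        awk -F. '{ printf "%d\n", $1 * 10000 + $2 * 100 + $3 }'
}

# True when version $1 lies in the inclusive range [$2, $3].
in_range() {
    n=$(ver_to_int "$1")
    [ "$n" -ge "$(ver_to_int "$2")" ] && [ "$n" -le "$(ver_to_int "$3")" ]
}

# True when the version falls inside either range listed on the page.
is_affected_version() {
    in_range "$1" 5.6.20 7.1.13 || in_range "$1" 7.2.0 7.2.10
}

# Inspect the local CLI binary: version plus whether GD is actually loaded.
# Returns 0 = in range with GD loaded, 1 = not matching, 2 = php not found.
check_host() {
    command -v php >/dev/null 2>&1 || { echo "php CLI not found"; return 2; }
    ver=$(php -r 'echo PHP_VERSION;')
    # "php -m" lists loaded modules, including ones enabled outside php.ini.
    if ! php -m | grep -qix 'gd'; then
        echo "PHP $ver: GD not loaded in the CLI SAPI"
        return 1
    fi
    if is_affected_version "$ver"; then
        echo "PHP $ver with GD loaded: inside the listed ranges"
        return 0
    fi
    echo "PHP $ver with GD loaded: outside the listed ranges"
    return 1
}

# Run the host check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run it with --check on each host, and repeat the check against the PHP-FPM or web server build if that differs from the CLI.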

Affected Products

PHP Group / GD library

How to fix

To fix this issue:
- Upgrade PHP to version 7.1.13 or later (https://www.php.net/releases/).
- If upgrading isn't possible immediately, apply the patch manually: https://bugs.php.net/bug.php?id=69328