Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-7890

Опубликовано: 02 авг. 2017
Источник: debian
EPSS Средний

Описание

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php7.1fixed7.1.8-1package
php7.0fixed7.0.22-1package
php5removedpackage
libgd2fixed2.2.5-1package

Примечания

  • PHP Bug: https://bugs.php.net/bug.php?id=74435

  • Fixed in 7.1.7, 7.0.21, 5.6.31

  • https://github.com/libgd/libgd/issues/399

  • https://github.com/libgd/libgd/commit/c613bc169802bb4b639ee2e15c61b25b80a88424

EPSS

Процентиль: 93%
0.111
Средний

Связанные уязвимости

ubuntu логотип

CVE-2017-7890

CVSS3: 6.5
ubuntu
почти 8 лет назад

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.

redhat логотип

CVE-2017-7890

CVSS3: 5.5
redhat
почти 8 лет назад

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.

nvd логотип

CVE-2017-7890

CVSS3: 6.5
nvd
почти 8 лет назад

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.

github логотип

GHSA-2cx4-qmrc-3ff4

CVSS3: 6.5
github
около 3 лет назад

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.

oracle-oval логотип

ELSA-2018-0406

oracle-oval
больше 7 лет назад

ELSA-2018-0406: php security update (MODERATE)

EPSS

Процентиль: 93%
0.111
Средний