CVE-2017-7890
php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
La función de descodificación de GIF "gdImageCreateFromGifCtx " en gd_gif_in.c en GD Graphics Library (también conocido como libgd),que se usa en PHP en versiones anteriores a la 5.6.31 y en todas las 7.x anteriores a la 7.1.7, no asigna el valor cero a los objetos array colorMap antes de usarse. Una imagen GIF especialmente manipulada podría utilizar las tablas no inicializadas para leer sobre 700 bytes por encima de la pila, pudiendo divulgar información sensible.
A data leak was found in gdImageCreateFromGifCtx() in GD Graphics Library used in PHP before 5.6.31 and 7.1.7. An attacker could craft a malicious GIF image and read up to 762 bytes from stack.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-17 CVE Reserved
- 2017-08-02 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/99492 | Third Party Advisory | |
https://security.netapp.com/advisory/ntap-20180112-0001 | X_refsource_confirm | |
https://www.tenable.com/security/tns-2017-12 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugs.php.net/bug.php?id=74435 | 2018-05-04 | |
https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038 | 2018-05-04 |
URL | Date | SRC |
---|---|---|
http://php.net/ChangeLog-5.php | 2018-05-04 | |
http://php.net/ChangeLog-7.php | 2018-05-04 | |
http://www.debian.org/security/2017/dsa-3938 | 2018-05-04 | |
https://access.redhat.com/errata/RHSA-2018:0406 | 2018-05-04 | |
https://access.redhat.com/errata/RHSA-2018:1296 | 2018-05-04 | |
https://access.redhat.com/security/cve/CVE-2017-7890 | 2018-05-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1473822 | 2018-05-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | <= 5.6.30 Search vendor "Php" for product "Php" and version " <= 5.6.30" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.0 Search vendor "Php" for product "Php" and version "7.0.0" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.1 Search vendor "Php" for product "Php" and version "7.0.1" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.2 Search vendor "Php" for product "Php" and version "7.0.2" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.3 Search vendor "Php" for product "Php" and version "7.0.3" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.4 Search vendor "Php" for product "Php" and version "7.0.4" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.5 Search vendor "Php" for product "Php" and version "7.0.5" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.6 Search vendor "Php" for product "Php" and version "7.0.6" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.7 Search vendor "Php" for product "Php" and version "7.0.7" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.8 Search vendor "Php" for product "Php" and version "7.0.8" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.9 Search vendor "Php" for product "Php" and version "7.0.9" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.10 Search vendor "Php" for product "Php" and version "7.0.10" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.11 Search vendor "Php" for product "Php" and version "7.0.11" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.12 Search vendor "Php" for product "Php" and version "7.0.12" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.13 Search vendor "Php" for product "Php" and version "7.0.13" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.14 Search vendor "Php" for product "Php" and version "7.0.14" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.15 Search vendor "Php" for product "Php" and version "7.0.15" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.16 Search vendor "Php" for product "Php" and version "7.0.16" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.17 Search vendor "Php" for product "Php" and version "7.0.17" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.18 Search vendor "Php" for product "Php" and version "7.0.18" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.19 Search vendor "Php" for product "Php" and version "7.0.19" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.0.20 Search vendor "Php" for product "Php" and version "7.0.20" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.1.0 Search vendor "Php" for product "Php" and version "7.1.0" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.1.1 Search vendor "Php" for product "Php" and version "7.1.1" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.1.2 Search vendor "Php" for product "Php" and version "7.1.2" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.1.3 Search vendor "Php" for product "Php" and version "7.1.3" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.1.4 Search vendor "Php" for product "Php" and version "7.1.4" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.1.5 Search vendor "Php" for product "Php" and version "7.1.5" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 7.1.6 Search vendor "Php" for product "Php" and version "7.1.6" | - |
Affected
|