Back to search
CVE-2017-7890
Published: Aug 2, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.tenable.com/security/tns-2017-12
x_refsource_CONFIRM
DSA-3938
vendor-advisory
x_refsource_DEBIAN
RHSA-2018:1296
vendor-advisory
x_refsource_REDHAT
http://php.net/ChangeLog-5.php
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180112-0001/
x_refsource_CONFIRM
99492
vdb-entry
x_refsource_BID
http://php.net/ChangeLog-7.php
x_refsource_CONFIRM
RHSA-2018:0406
vendor-advisory
x_refsource_REDHAT
https://bugs.php.net/bug.php?id=74435
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now