CVE-2017-7890
MEDIUM severity · CVSS 6.5 · Information disclosure
6.5CVSS MEDIUM
Summary
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactHigh
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)30%
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: https://bugs.php.net/bug.php?id=74435 ↗
Additional information
- NVD record
- https://bugs.php.net/bug.php?id=74435Patch
- https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038Patch
- http://php.net/ChangeLog-5.phpAdvisory
- http://php.net/ChangeLog-7.phpAdvisory
- http://www.debian.org/security/2017/dsa-3938
- http://www.securityfocus.com/bid/99492Advisory
- https://access.redhat.com/errata/RHSA-2018:0406
- https://access.redhat.com/errata/RHSA-2018:1296