CVE-2016-7126 — Out-of-bounds Write in PHP

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

4.6%

top 10.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Debian Libgd2

Timeline

PublishedSep 12

Latest updateMay 13

Description

The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDphp/php5.6.24+10

▶debiandebian/libgd2

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-g45g-prg5-m635: The imagetruecolortopalette function in ext/gd/gd↗2022-05-13

▶

📋Vendor Advisories

Red Hat

php: select_colors write out-of-bounds↗2016-09-02

▶

Debian

CVE-2016-7126: libgd2 - The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x...↗2016

▶

📄Research Papers

arXiv

Automatic Heap Layout Manipulation for Exploitation↗2018-09-03

▶

💬Community

Bugzilla

CVE-2016-7126 php: select_colors write out-of-bounds↗2016-09-09

▶