CVE-2017-7890
Published 2017-08-02
Priority: P3 33, medium, 6.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 3.42% (87.4th percentile)
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libgd2 | < libgd2 2.2.5-1 (bookworm) | libgd2 2.2.5-1 (bookworm) |
| php | php | <= 5.6.30 | — |
CVSS provenance
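| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |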
Ubuntu
GD vulnerability
vendor_ubuntu·2017-08-14
CVE-2017-7890 GD vulnerability
Title: GD vulnerability
Summary: The system could be made to expose sensitive information.
USN-3389-1 fixed a vulnerability in GD Graphics Library.
This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
A vulnerability was discovered in GD Graphics Library (aka libgd),
as used in PHP that does not zero colorMap arrays before use.
A specially crafted GIF image could use the uninitialized tables to
read bytes from the top of the stack.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
GD vulnerability
vendor_ubuntu·2017-08-14
CVE-2017-7890 GD vulnerability
Title: GD vulnerability
Summary: The system could be made to expose sensitive information.
A vulnerability was discovered in GD Graphics Library (aka libgd),
as used in PHP that does not zero colorMap arrays before use.
A specially crafted GIF image could use the uninitialized tables to
read bytes from the top of the stack.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function
vendor_redhat·2017-07-10·CVSS 6.5
CVE-2017-7890 [MEDIUM] CWE-20 php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function
A data leak was found in gdImageCreateFromGifCtx() in GD Graphics Library used in PHP before 5.6.31 and 7.1.7. An attacker could craft a malicious GIF image and read up to 762 bytes from the stack.
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. We r
Debian
CVE-2017-7890: libgd2 - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graph...
vendor_debian·2017·CVSS 6.5
CVE-2017-7890 [MEDIUM] CVE-2017-7890: libgd2 - The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graph...
Scope: local
bookworm: resolved (fixed in 2.2.5-1)
bullseye: resolved (fixed in 2.2.5-1)
forky: resolved (fixed in 2.2.5-1)
sid: resolved (fixed in 2.2.5-1)
trixie: resolved (fixed in 2.2.5-1)
GHSA
GHSA-2cx4-qmrc-3ff4: The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in
ghsa_unreviewed·2022-05-14
CVE-2017-7890 [MEDIUM] CWE-200 GHSA-2cx4-qmrc-3ff4: The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in
OSV
CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in
osv·2017-08-02·CVSS 6.5
CVE-2017-7890 [MEDIUM] CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-7890 php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function [fedora-all]
bugzilla·2017-07-21·CVSS 6.5
CVE-2017-7890 [MEDIUM] CVE-2017-7890 php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affect
Bugzilla
CVE-2017-7890 php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function
bugzilla·2017-07-21·CVSS 6.5
CVE-2017-7890 [MEDIUM] CVE-2017-7890 php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function
A flaw was found in php. The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be reached with a call to the imagecreatefromstring() function) uses constant-sized color tables of size 3 * 256, but does not zero-out these arrays before use. This flaw could lead to an information leak through a specially crafted image with a bogus color table.
Upstream bug:
https://bugs.php.net/bug.php?id=74435
Upstream patch:
http://git.php.net/?p=php-src.git;a=commit;h=018092125538782b25d3ab6b036f0c8d5968f757
http://git.php.net/?p=php-src.git;a=commit;h=8dc4f4dc9e44d1cbfe4654aa6e0dc27c94913938
https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038
Refe
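An added illustration (not libgd or PHP code) of the pattern the report above describes: a fixed 3 * 256 color table that a short file-supplied table only partly fills, so pixel indexes past the supplied entries resolve to whatever the table held before. All names are hypothetical, the `0xAA` fill is a constructed stand-in for leftover stack bytes so the result is deterministic, and `zero_first` models zeroing the table before use.

```c
#include <stdio.h>
#include <string.h>

#define MAX_COLORS 256  /* fixed table size from the report: 3 * 256 bytes */
#define STALE 0xAA      /* constructed marker standing in for leftover stack bytes */
typedef unsigned char color_table[3][MAX_COLORS];

/* Copy only the `count` RGB entries the file supplies (hypothetical reader). */
static void load_colors(color_table t, const unsigned char *rgb, int count)
{
    for (int i = 0; i < count && i < MAX_COLORS; i++)
        for (int c = 0; c < 3; c++)
            t[c][i] = rgb[3 * i + c];
}

/* Resolve pixel indexes through the table; return how many output bytes
   still carry the STALE marker, i.e. never came from the file. */
static int decode(color_table t, int zero_first,
                  const unsigned char *rgb, int count,
                  const unsigned char *pixels, size_t npix, unsigned char *out)
{
    int leaked = 0;
    if (zero_first)
        memset(t, 0, sizeof(color_table));  /* the fix: zero before use */
    load_colors(t, rgb, count);
    for (size_t p = 0; p < npix; p++)
        for (int c = 0; c < 3; c++) {
            out[3 * p + c] = t[c][pixels[p]];
            leaked += (out[3 * p + c] == STALE);
        }
    return leaked;
}

/* Constructed input: a 2-entry color table, but pixels index up to 255. */
int leaked_bytes(int zero_first)
{
    static const unsigned char rgb[] = { 0, 0, 0, 255, 255, 255 };
    static const unsigned char pixels[] = { 0, 1, 2, 200, 255 };
    unsigned char out[3 * sizeof pixels];
    color_table t;
    memset(t, STALE, sizeof t);  /* simulate memory that was never cleared */
    return decode(t, zero_first, rgb, 2, pixels, sizeof pixels, out);
}

int main(void)
{
    printf("unzeroed: %d stale bytes, zeroed: %d\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

Zeroing closes the disclosure but still maps out-of-range indexes to black; a decoder can additionally reject pixel indexes at or beyond the declared table size.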
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.debian.org/security/2017/dsa-3938
- http://www.securityfocus.com/bid/99492
- https://access.redhat.com/errata/RHSA-2018:0406
- https://access.redhat.com/errata/RHSA-2018:1296
- https://bugs.php.net/bug.php?id=74435
- https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038
- https://security.netapp.com/advisory/ntap-20180112-0001/
- https://www.tenable.com/security/tns-2017-12