CVE-2016-7126critical
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
References
http://openwall.com/lists/oss-security/2016/09/02/9
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/92755
http://www.securitytracker.com/id/1036680
https://bugs.php.net/bug.php?id=72697
https://github.com/php/php-src/commit/28022c9b1fd937436ab67bb3d61f652c108baf96
https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
Details
Source: MITRE
Published: 2016-09-12
Updated: 2020-11-16
Type: CWE-787
Risk Information
CVSS v2
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
CVSS v3
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.6.24 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 98834 | PHP 7.0.x < 7.0.10 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98815 | PHP 5.6.x < 5.6.25 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 119981 | SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1) | Nessus | SuSE Local Security Checks | critical |
| 119979 | SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2408-1) | Nessus | SuSE Local Security Checks | critical |
| 101047 | Tenable SecurityCenter PHP < 5.6.25 Multiple Vulnerabilities (TNS-2016-09) | Nessus | Misc. | critical |
| 96832 | Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19) | Nessus | Misc. | critical |
| 95421 | GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy) | Nessus | Gentoo Local Security Checks | critical |
| 93914 | Debian DSA-3689-1 : php5 - security update | Nessus | Debian Local Security Checks | critical |
| 93894 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2459-1) | Nessus | SuSE Local Security Checks | critical |
| 93856 | openSUSE Security Update : php5 (openSUSE-2016-1156) | Nessus | SuSE Local Security Checks | critical |
| 9551 | PHP 5.6.x < 5.6.25 / 7.0.x < 7.0.10 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 93597 | openSUSE Security Update : php5 (openSUSE-2016-1095) | Nessus | SuSE Local Security Checks | critical |
| 93589 | SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2328-1) | Nessus | SuSE Local Security Checks | critical |
| 93384 | Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-252-01) | Nessus | Slackware Local Security Checks | critical |
| 93078 | PHP 7.0.x < 7.0.10 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 93077 | PHP 5.6.x < 5.6.25 Multiple Vulnerabilities | Nessus | CGI abuses | critical |