CVE-2017-7890

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.

References

http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

http://www.debian.org/security/2017/dsa-3938

http://www.securityfocus.com/bid/99492

https://access.redhat.com/errata/RHSA-2018:0406

https://access.redhat.com/errata/RHSA-2018:1296

https://bugs.php.net/bug.php?id=74435

https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038

https://security.netapp.com/advisory/ntap-20180112-0001/

https://www.tenable.com/security/tns-2017-12

Details

Source: MITRE

Published: 2017-08-02

Updated: 2018-05-04

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
134366SUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2020:0623-1)NessusSuSE Local Security Checks
medium
127174NewStart CGSL CORE 5.04 / MAIN 5.04 : php Multiple Vulnerabilities (NS-SA-2019-0019)NessusNewStart CGSL Local Security Checks
high
124905EulerOS Virtualization for ARM 64 3.0.1.0 : php (EulerOS-SA-2019-1402)NessusHuawei Local Security Checks
critical
98864PHP 7.1.x < 7.1.7 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
98844PHP 7.0.x < 7.0.21 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
98822PHP 5.6.x < 5.6.31 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
120004SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)NessusSuSE Local Security Checks
high
120003SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1)NessusSuSE Local Security Checks
high
117558EulerOS Virtualization 2.5.0 : php (EulerOS-SA-2018-1249)NessusHuawei Local Security Checks
medium
109495EulerOS 2.0 SP2 : php (EulerOS-SA-2018-1097)NessusHuawei Local Security Checks
critical
109494EulerOS 2.0 SP1 : php (EulerOS-SA-2018-1096)NessusHuawei Local Security Checks
critical
109147Slackware 14.2 / current : gd (SSA:2018-108-01)NessusSlackware Local Security Checks
high
107272CentOS 7 : php (CESA-2018:0406)NessusCentOS Local Security Checks
medium
107212Scientific Linux Security Update : php on SL7.x x86_64 (20180306)NessusScientific Linux Local Security Checks
medium
107204Oracle Linux 7 : php (ELSA-2018-0406)NessusOracle Linux Local Security Checks
medium
107188RHEL 7 : php (RHSA-2018:0406)NessusRed Hat Local Security Checks
medium
105952Fedora 27 : gd (2017-ac3dd4ecf8)NessusFedora Local Security Checks
high
103478FreeBSD : php-gd and gd -- Buffer over-read into uninitialized memory (5033e2fc-98ec-4ef5-8e0b-87cfbbc73081)NessusFreeBSD Local Security Checks
medium
103317SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)NessusSuSE Local Security Checks
critical
103121Tenable SecurityCenter PHP < 5.6.31 Multiple Vulnerabilities (TNS-2017-12NessusMisc.
critical
102985Fedora 25 : gd (2017-a69b0bb52d)NessusFedora Local Security Checks
high
102966openSUSE Security Update : php5 (openSUSE-2017-1010)NessusSuSE Local Security Checks
critical
102947openSUSE Security Update : php7 (openSUSE-2017-994)NessusSuSE Local Security Checks
critical
102937Fedora 26 : gd (2017-7cc0e6a5f5)NessusFedora Local Security Checks
high
102493Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : libgd2 vulnerability (USN-3389-1)NessusUbuntu Local Security Checks
medium
102445Debian DSA-3938-1 : libgd2 - security updateNessusDebian Local Security Checks
medium
102440Debian DLA-1055-1 : libgd2 security updateNessusDebian Local Security Checks
medium
102181Amazon Linux AMI : php70 (ALAS-2017-867)NessusAmazon Linux Local Security Checks
critical
101527PHP 7.1.x < 7.1.7 Multiple VulnerabilitiesNessusCGI abuses
critical
101526PHP 7.0.x < 7.0.21 Multiple VulnerabilitiesNessusCGI abuses
critical
101525PHP 5.6.x < 5.6.31 Multiple VulnerabilitiesNessusCGI abuses
critical