CVE-2016-7127

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1bd103df00f49cf4d4ade2cfe3f456ac058a4eae

Affected versions

Other

NEWS

NEWS-cvs2svn

php-5.*

php-5.3.23RC1

php-5.3.29

php-5.3.29RC1

php-5.4.30RC1

php-5.4.32RC1

php-5.4.4RC2

php-5.5.24RC1

php-5.6.18RC1

php-5.6.19RC1

php-5.6.22RC1

php-5.6.23RC1

php-5.6.24RC1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "13061000410432496893915167939260265663",
                "16449094754789311592583499708074726003",
                "249040513906500853715332747983958150376"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "ext/gd/gd.c"
        },
        "id": "CVE-2016-7127-b20a7f9e",
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae",
        "deprecated": false,
        "digest": {
            "function_hash": "182819258980180063651267922896273285635",
            "length": 1319.0
        },
        "target": {
            "file": "ext/gd/gd.c",
            "function": "PHP_FUNCTION"
        },
        "id": "CVE-2016-7127-c5e74e49",
        "signature_type": "Function",
        "signature_version": "v1"
    }
]