CVE-2017-7890
- Source
- https://cve.org/CVERecord?id=CVE-2017-7890
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7890.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-7890
- Downstream
- Related
- Published
- 2017-08-02T19:29:00.897Z
- Modified
- 2026-02-11T14:01:32.284267Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
- References
-
- https://www.tenable.com/security/tns-2017-12
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.debian.org/security/2017/dsa-3938
- http://www.securityfocus.com/bid/99492
- https://access.redhat.com/errata/RHSA-2018:0406
- https://access.redhat.com/errata/RHSA-2018:1296
- https://bugs.php.net/bug.php?id=74435
- https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038
- https://security.netapp.com/advisory/ntap-20180112-0001/
- https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038
- https://bugs.php.net/bug.php?id=74435
- https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038
Affected packages
Git / github.com/php/php-src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected