UBUNTU-CVE-2016-10712
- Source
- https://ubuntu.com/security/CVE-2016-10712
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-10712.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2016-10712
- Upstream
- Downstream
- Related
- Published
- 2018-02-09T00:00:00Z
- Modified
- 2025-09-08T16:43:59Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of streamgetmetadata can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = streamgetmetadata(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.
- References
Affected packages
Ubuntu:14.04:LTS / php5
Package
- Name
- php5
- Purl
- pkg:deb/ubuntu/php5@5.5.9+dfsg-1ubuntu4.24?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.5.9+dfsg-1ubuntu4.24
Affected versions
5.*
5.5.3+dfsg-1ubuntu2
5.5.3+dfsg-1ubuntu3
5.5.6+dfsg-1ubuntu1
5.5.6+dfsg-1ubuntu2
5.5.8+dfsg-2ubuntu1
5.5.9+dfsg-1ubuntu1
5.5.9+dfsg-1ubuntu2
5.5.9+dfsg-1ubuntu3
5.5.9+dfsg-1ubuntu4
5.5.9+dfsg-1ubuntu4.1
5.5.9+dfsg-1ubuntu4.2
5.5.9+dfsg-1ubuntu4.3
5.5.9+dfsg-1ubuntu4.4
5.5.9+dfsg-1ubuntu4.5
5.5.9+dfsg-1ubuntu4.6
5.5.9+dfsg-1ubuntu4.7
5.5.9+dfsg-1ubuntu4.9
5.5.9+dfsg-1ubuntu4.11
5.5.9+dfsg-1ubuntu4.12
5.5.9+dfsg-1ubuntu4.13
5.5.9+dfsg-1ubuntu4.14
5.5.9+dfsg-1ubuntu4.16
5.5.9+dfsg-1ubuntu4.17
5.5.9+dfsg-1ubuntu4.19
5.5.9+dfsg-1ubuntu4.20
5.5.9+dfsg-1ubuntu4.21
5.5.9+dfsg-1ubuntu4.22
5.5.9+dfsg-1ubuntu4.23
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "libapache2-mod-php5"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "libapache2-mod-php5filter"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "libphp5-embed"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php-pear"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-cgi"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-cli"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-common"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-curl"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-dev"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-enchant"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-fpm"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-gd"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-gmp"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-intl"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-ldap"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-mysql"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-mysqlnd"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-odbc"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-pgsql"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-pspell"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-readline"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-recode"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-snmp"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-sqlite"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-sybase"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-tidy"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-xmlrpc"
},
{
"binary_version": "5.5.9+dfsg-1ubuntu4.24",
"binary_name": "php5-xsl"
}
],
"availability": "No subscription required"
}