Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7126

The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.

Published

2016-09-12T01:59:04.723

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	php	php	7.0.0	Yes
Application	php	php	7.0.1	Yes
Application	php	php	7.0.2	Yes
Application	php	php	7.0.3	Yes
Application	php	php	7.0.4	Yes
Application	php	php	7.0.5	Yes
Application	php	php	7.0.6	Yes
Application	php	php	7.0.7	Yes
Application	php	php	7.0.8	Yes
Application	php	php	7.0.9	Yes
Application	php	php	≤ 5.6.24	Yes

References

http://openwall.com/lists/oss-security/2016/09/02/9 Mailing List ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-2750.html Third Party Advisory ([email protected])
http://www.php.net/ChangeLog-5.php Release Notes ([email protected])
http://www.php.net/ChangeLog-7.php Release Notes ([email protected])
http://www.securityfocus.com/bid/92755 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1036680 Third Party Advisory, VDB Entry ([email protected])
https://bugs.php.net/bug.php?id=72697 Exploit, Issue Tracking ([email protected])
https://github.com/php/php-src/commit/28022c9b1fd937436ab67bb3d61f652c108baf96 Patch, Vendor Advisory ([email protected])
https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1 Issue Tracking, Patch ([email protected])
https://security.gentoo.org/glsa/201611-22 Third Party Advisory ([email protected])
https://www.tenable.com/security/tns-2016-19 Third Party Advisory ([email protected])
http://openwall.com/lists/oss-security/2016/09/02/9 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-2750.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/ChangeLog-5.php Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/ChangeLog-7.php Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92755 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036680 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.php.net/bug.php?id=72697 Exploit, Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/php/php-src/commit/28022c9b1fd937436ab67bb3d61f652c108baf96 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201611-22 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-19 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)