← voltar
CVE-2017-7890

CVE-2017-7890

EPSS 3.4%
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://php.net/ChangeLog-5.phphttp://php.net/ChangeLog-7.phphttps://access.redhat.com/errata/RHSA-2018:0406https://access.redhat.com/errata/RHSA-2018:1296https://bugs.php.net/bug.php?id=74435https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038https://security.netapp.com/advisory/ntap-20180112-0001/https://www.tenable.com/security/tns-2017-12http://www.debian.org/security/2017/dsa-3938http://www.securityfocus.com/bid/99492