CVE-2016-1903

Published: 19/01/2016 Updated: 05/01/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP prior to 5.5.31, 5.6.x prior to 5.6.17, and 7.x prior to 7.0.2 allows remote malicious users to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.

Vulnerable Product

php php 5.6.15

php php 5.6.14

php php 5.6.4

php php 5.6.3

php php 5.6.0

php php 5.6.13

php php 5.6.9

php php 5.6.2

php php 5.6.12

php php

php php 5.6.16

php php 5.6.6

php php 5.6.5

php php 7.0.1

php php 7.0.0

php php 5.6.8

php php 5.6.7

php php 5.6.11

php php 5.6.10

php php 5.6.1

Vendor Advisories

Synopsis Moderate: rh-php56 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Mo ...
Debian Bug report logs - #835032 hhvm: Various CVEs (CVE-2014-9709 CVE-2015-8865 CVE-2016-1903 CVE-2016-4070 CVE-2016-4539 CVE-2016-6870 CVE-2016-6871 CVE-2016-6872 CVE-2016-6873 CVE-2016-6874 CVE-2016-6875) Package: src:hhvm; Maintainer for src:hhvm is (unknown); Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: ...
USN-2952-1 caused a regression in PHP ...
Several security issues were fixed in PHP ...
The imagerotate function lacked validation of the background color variable, an integer which represents an index of the color palette. A number larger than the length of the color palette could be used in the function, reading beyond the memory of the color palette and causing an information leak ...
A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted image file could cause a PHP application using the imagerotate() function to disclose portions of the server memory or crash the PHP application ...