9.8

CVE-2016-7126

Exploit
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version7.0.0
PhpPhp Version7.0.1
PhpPhp Version7.0.2
PhpPhp Version7.0.3
PhpPhp Version7.0.4
PhpPhp Version7.0.5
PhpPhp Version7.0.6
PhpPhp Version7.0.7
PhpPhp Version7.0.8
PhpPhp Version7.0.9
PhpPhp Version <= 5.6.24
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.82% 0.945
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.php.net/ChangeLog-5.php
Release Notes
http://rhn.redhat.com/errata/RHSA-2016-2750.html
Third Party Advisory
http://www.php.net/ChangeLog-7.php
Release Notes
https://security.gentoo.org/glsa/201611-22
Third Party Advisory
http://openwall.com/lists/oss-security/2016/09/02/9
Mailing List
http://www.securitytracker.com/id/1036680
Third Party Advisory
VDB Entry
https://www.tenable.com/security/tns-2016-19
Third Party Advisory
http://www.securityfocus.com/bid/92755
Third Party Advisory
VDB Entry
https://bugs.php.net/bug.php?id=72697
Exploit
Issue Tracking
https://github.com/php/php-src/commit/28022c9b1fd937436ab67bb3d61f652c108baf96
Patch
Vendor Advisory
https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
Patch
Issue Tracking