{ "threat_severity" : "Moderate", "public_date" : "2017-07-10T00:00:00Z", "bugzilla" : { "description" : "php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function", "id" : "1473822", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1473822" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-20", "details" : [ "The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.", "A data leak was found in gdImageCreateFromGifCtx() in GD Graphics Library used in PHP before 5.6.31 and 7.1.7. An attacker could craft a malicious GIF image and read up to 762 bytes from stack." ], "statement" : "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. We recommend avoiding usage of the functions gdImageCreateFromGifCtx() and imagecreatefromstring() as they can lead to stack data leak.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2018-03-06T00:00:00Z", "advisory" : "RHSA-2018:0406", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "php-0:5.4.16-43.el7_4.1" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-php70-php-0:7.0.27-1.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-php70-php-0:7.0.27-1.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php70-php-0:7.0.27-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php70-php-0:7.0.27-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php70-php-0:7.0.27-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php70-php-0:7.0.27-1.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "php53", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat OpenShift Enterprise 2", "fix_state" : "Will not fix", "package_name" : "php", "cpe" : "cpe:/a:redhat:openshift:2" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-php56-php", "cpe" : "cpe:/a:redhat:rhel_software_collections:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-7890\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7890" ], "name" : "CVE-2017-7890", "csaw" : false }