#VU11789 Information disclosure in PHP


Published: 2018-04-09 | Updated: 2018-04-12

Vulnerability identifier: #VU11789

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7890

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists in the GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c due to it does not zero colorMap arrays before use. A remote attacker can trick the victim into opening a specially crafted GIF image that could use the uninitialized tables to read ~700 bytes from the top of the stack and gain access to potentially sensitive information.

Mitigation
Update to versions 5.6.31 or 7.1.7.

Vulnerable software versions

PHP: 5.6.0 - 5.6.30, 7.1.0 - 7.1.6

External links
http://php.net/ChangeLog-5.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for php
Slackware Linux update for gd
Red Hat update for php
Information disclosure in php7 (Alpine package)
Information disclosure in gd (Alpine package)
Ubuntu update for GD
Ubuntu update for LibGD
Debian update for libgd2
Amazon Linux AMI update for php70