Lucene search
MitreCVELIST:CVE-2017-7890HistoryAug 02, 2017 - 7:00 p.m.
CVE-2017-7890
2017-08-0219:00:00
mitre
www.cve.org
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
References
php.net/ChangeLog-5.php
php.net/ChangeLog-7.php
www.debian.org/security/2017/dsa-3938
www.securityfocus.com/bid/99492
access.redhat.com/errata/RHSA-2018:0406
access.redhat.com/errata/RHSA-2018:1296
bugs.php.net/bug.php?id=74435
bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038
security.netapp.com/advisory/ntap-20180112-0001/
www.tenable.com/security/tns-2017-12
Related
openvas
openvas
Debian: Security Advisory (DSA-3938-1)
2017-08-11 00:00:00
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2018-1249)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-3389-1)
2018-10-26 00:00:00
debian
debian
[SECURITY] [DSA 3938-1] libgd2 security update
2017-08-12 12:37:19
[SECURITY] [DLA 1055-1] libgd2 security update
2017-08-12 21:36:16
[SECURITY] [DSA 3938-1] libgd2 security update
2017-08-12 12:37:19
oraclelinux
oraclelinux
php security update
2018-03-07 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP gdImageCreateFromGifCtx Out of Bounds Read (CVE-2017-7890)
2017-08-10 00:00:00
debiancve
debiancve
CVE-2017-7890
2017-08-02 19:29:00
nessus
nessus
RHEL 7 : php (RHSA-2018:0406)
2018-03-07 00:00:00
Oracle Linux 7 : php (ELSA-2018-0406)
2018-03-08 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : GD vulnerability (USN-3389-1)
2017-08-15 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in PHP affects PowerKVM
2018-06-18 01:42:20
redhat
redhat
(RHSA-2018:0406) Moderate: php security update
2018-03-06 18:36:35
redhatcve
redhatcve
CVE-2017-7890
2017-07-21 19:18:29
prion
prion
Information disclosure
2017-08-02 19:29:00
centos
centos
php security update
2018-03-10 01:07:54
ubuntucve
ubuntucve
CVE-2017-7890
2017-08-02 00:00:00
ubuntu
ubuntu
GD vulnerability
2017-08-14 00:00:00
GD vulnerability
2017-08-14 00:00:00
veracode
veracode
Information Disclosure
2019-05-16 02:59:59
Use After Free
2019-05-16 02:59:58
alpinelinux
alpinelinux
CVE-2017-7890
2017-08-02 19:29:00
osv
osv
CVE-2017-7890
2017-08-02 19:29:00
libgd2 - security update
2017-08-12 00:00:00
libgd2 - security update
2017-08-12 00:00:00
nvd
nvd
CVE-2017-7890
2017-08-02 19:29:00
freebsd
freebsd
php-gd and gd -- Buffer over-read into uninitialized memory
2017-08-02 00:00:00
cve
cve
CVE-2017-7890
2017-08-02 19:29:00
fedora
fedora
[SECURITY] Fedora 25 Update: gd-2.2.5-1.fc25
2017-09-06 20:52:42
[SECURITY] Fedora 26 Update: gd-2.2.5-1.fc26
2017-09-02 22:27:10
[SECURITY] Fedora 27 Update: gd-2.2.5-1.fc27
2017-09-30 07:21:04
f5
f5
K01709026 : PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226
2017-08-07 00:00:00
PHP vulnerabilities CVE-2017-9226 and CVE-2017-7890
2017-08-08 00:03:00
slackware
slackware
[slackware-security] gd
2018-04-19 01:44:39
mageia
mageia
Updated php and libgd packages fix security vulnerabilities
2017-08-08 01:16:24
amazon
amazon
Medium: php70
2017-08-03 20:38:00
suse
suse
Security update for php7 (important)
2017-08-30 19:30:52
Security update for php7 (important)
2017-09-04 12:07:53
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45