Critical severity9.8NVD Advisory· Published Sep 12, 2016· Updated May 6, 2026

CVE-2016-7127

Description

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eaenvdIssue TrackingPatch
bugs.php.net/bug.phpnvdExploitIssue Tracking
openwall.com/lists/oss-security/2016/09/02/9nvdMailing List
www.php.net/ChangeLog-5.phpnvdRelease Notes
www.php.net/ChangeLog-7.phpnvdRelease Notes
rhn.redhat.com/errata/RHSA-2016-2750.htmlnvd
www.securityfocus.com/bid/92757nvd
www.securitytracker.com/id/1036680nvd
security.gentoo.org/glsa/201611-22nvd
www.tenable.com/security/tns-2016-19nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000