Medium severity6.5NVD Advisory· Published Aug 2, 2017· Updated May 13, 2026
CVE-2017-7890
CVE-2017-7890
Description
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
Affected products
29cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 28 more
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=5.6.30
- cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- bugs.php.net/bug.phpnvdPatchVendor Advisory
- bugs.php.net/patch-display.phpnvdIssue TrackingPatchVendor Advisory
- php.net/ChangeLog-5.phpnvdRelease NotesVendor Advisory
- php.net/ChangeLog-7.phpnvdRelease NotesVendor Advisory
- www.securityfocus.com/bid/99492nvdThird Party AdvisoryVDB Entry
- www.debian.org/security/2017/dsa-3938nvd
- access.redhat.com/errata/RHSA-2018:0406nvd
- access.redhat.com/errata/RHSA-2018:1296nvd
- security.netapp.com/advisory/ntap-20180112-0001/nvd
- www.tenable.com/security/tns-2017-12nvd
News mentions
0No linked articles in our index yet.