Medium severity6.5NVD Advisory· Published Aug 2, 2017· Updated Jun 17, 2026
CVE-2017-7890
CVE-2017-7890
Description
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
48cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 28 more
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=5.6.30
- cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:7.1.6:*:*:*:*:*:*:*
- osv-coords19 versionspkg:rpm/opensuse/gd&distro=openSUSE%20Tumbleweedpkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/gd&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 2.3.3-1.1+ 18 more
- (no CPE)range: < 2.3.3-1.1
- (no CPE)range: < 2.1.0-24.17.1
- (no CPE)range: < 2.1.0-24.17.1
- (no CPE)range: < 2.1.0-24.17.1
- (no CPE)range: < 2.1.0-24.17.1
- (no CPE)range: < 2.1.0-24.17.1
- (no CPE)range: < 2.1.0-24.17.1
- (no CPE)range: < 2.1.0-24.17.1
- (no CPE)range: < 2.1.0-24.17.1
- (no CPE)range: < 2.1.0-24.17.1
- (no CPE)range: < 5.3.17-112.5.1
- (no CPE)range: < 5.3.17-112.5.1
- (no CPE)range: < 5.3.17-112.5.1
- (no CPE)range: < 5.5.14-109.5.1
- (no CPE)range: < 5.5.14-109.5.1
- (no CPE)range: < 5.5.14-109.5.1
- (no CPE)range: < 7.0.7-50.9.2
- (no CPE)range: < 7.0.7-50.9.2
- (no CPE)range: < 7.0.7-50.9.2
Patches
Vulnerability mechanics
References
10- bugs.php.net/bug.phpnvdPatchVendor Advisory
- bugs.php.net/patch-display.phpnvdIssue TrackingPatchVendor Advisory
- php.net/ChangeLog-5.phpnvdRelease NotesVendor Advisory
- php.net/ChangeLog-7.phpnvdRelease NotesVendor Advisory
- www.securityfocus.com/bid/99492nvdThird Party AdvisoryVDB Entry
- www.debian.org/security/2017/dsa-3938nvd
- access.redhat.com/errata/RHSA-2018:0406nvd
- access.redhat.com/errata/RHSA-2018:1296nvd
- security.netapp.com/advisory/ntap-20180112-0001/nvd
- www.tenable.com/security/tns-2017-12nvd
News mentions
0No linked articles in our index yet.