Your submission was sent successfully! Close

CVE-2016-10712

Published: 9 February 2018

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise
Released (5.3.10-1ubuntu3.36)
trusty
Released (5.5.9+dfsg-1ubuntu4.24)
upstream
Released (5.5.32,5.6.18)
xenial Does not exist

php7.0
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (7.0.3)
xenial Not vulnerable
(7.0.25-0ubuntu0.16.04.1)
php7.1
Launchpad, Ubuntu, Debian
artful Not vulnerable
(7.1.11-0ubuntu0.17.10.1)
bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist