Your submission was sent successfully! Close

CVE-2016-7127

Published: 11 September 2016

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
libgd2
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Not vulnerable

xenial Not vulnerable
(code not present)
php5
Launchpad, Ubuntu, Debian
precise
Released (5.3.10-1ubuntu3.25)
trusty
Released (5.5.9+dfsg-1ubuntu4.20)
upstream
Released (5.6.25)
xenial Does not exist

php7.0
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (7.0.10-1)
xenial
Released (7.0.8-0ubuntu0.16.04.3)