CVE-2016-7126
PUBLISHED
Reported by mitre · Published September 12, 2016
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Exploit Intelligence
- https://bugs.php.net/bug.php?id=72697 (nist-nvd)
Timeline
- Sep 12, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
- Dec 13, 2023 EPSS Score
References
- x_refsource_CONFIRM
- GLSA-201611-22 (vendor-advisory, x_refsource_GENTOO)
- 1036680 (vdb-entry, x_refsource_SECTRACK)
- x_refsource_CONFIRM
- RHSA-2016:2750 (vendor-advisory, x_refsource_REDHAT)
- 92755 (vdb-entry, x_refsource_BID)
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- [oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl (mailing-list, x_refsource_MLIST)
- x_refsource_CONFIRM
- x_refsource_CONFIRM