Description
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 13 | | | 2.2.5-1 |
 alpine v3.4 | | =2.0.35-r0 || =2.0.35-r1 || =2.0.35-r2 || =2.0.36_rc1-r1 || =2.0.36_rc1-r2 || =2.0.36_rc1-r3 || =2.0.36_rc1-r4 || =2.0.36_rc1-r5 || =2.0.36_rc1-r6 || =2.0.36_rc1-r7 || =2.0.36_rc1-r8 || =2.0.36_rc1-r9 || =2.1.0-r0 || =2.1.0-r1 || =2.1.1-r0 || =2.2.1-r0 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || >=0 <2.2.5-r0 | 2.2.5-r0 |
alpine v3.5 | | =2.0.35-r0 || =2.0.35-r1 || =2.0.35-r2 || =2.0.36_rc1-r1 || =2.0.36_rc1-r2 || =2.0.36_rc1-r3 || =2.0.36_rc1-r4 || =2.0.36_rc1-r5 || =2.0.36_rc1-r6 || =2.0.36_rc1-r7 || =2.0.36_rc1-r8 || =2.0.36_rc1-r9 || =2.1.0-r0 || =2.1.0-r1 || =2.1.1-r0 || =2.2.1-r0 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || >=0 <2.2.5-r0 | 2.2.5-r0 |
debian 11 | | | 2.2.5-1 |
debian 12 | | | 2.2.5-1 |
alpine v3.6 | | =2.0.35-r0 || =2.0.35-r1 || =2.0.35-r2 || =2.0.36_rc1-r0 || =2.0.36_rc1-r1 || =2.0.36_rc1-r2 || =2.0.36_rc1-r3 || =2.0.36_rc1-r4 || =2.0.36_rc1-r5 || =2.0.36_rc1-r6 || =2.0.36_rc1-r7 || =2.0.36_rc1-r8 || =2.0.36_rc1-r9 || =2.1.0-r0 || =2.1.0-r1 || =2.1.1-r0 || =2.2.1-r0 || =2.2.3-r0 || =2.2.3-r1 || =2.2.4-r0 || =2.2.4-r1 || =2.2.4-r2 || >=0 <2.2.5-r0 | 2.2.5-r0 |
debian 14 | | | 2.2.5-1 |
 rpm rhel7 | | | 0:5.4.16-43.el7_4.1 |
rpm rhel6 | | - | - |
rpm rhel5 | | - | - |
