PublicDateAtUSN: 2016-01-19
Candidate: CVE-2016-1903
PublicDate: 2016-01-19 05:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903
 https://ubuntu.com/security/notices/USN-2952-1
Description:
 The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c
 in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows
 remote attackers to obtain sensitive information or cause a denial of
 service (out-of-bounds read and application crash) via a large bgd_color
 argument to the imagerotate function.
Ubuntu-Description:
Notes:
 mdeslaur> php uses the system libgd2, patches added to php packages have
 mdeslaur> no effect.
 mdeslaur> introduced by https://github.com/php/php-src/commit/07e52857b5f7a65c1552628e14a8a6aeeea24508
 mdeslaur> in php. Looks like a php-specific issue, not in libgd2.
Bugs:
 https://bugs.php.net/bug.php?id=70976
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H [9.1 CRITICAL]

Patches_libgd2:
upstream_libgd2: needs-triage
precise_libgd2: not-affected (code not present)
trusty_libgd2: not-affected (code not present)
trusty/esm_libgd2: not-affected (code not present)
vivid/stable-phone-overlay_libgd2: DNE
vivid/ubuntu-core_libgd2: DNE
wily_libgd2: not-affected (code not present)
xenial_libgd2: not-affected (code not present)
esm-infra/xenial_libgd2: not-affected (code not present)
devel_libgd2: not-affected (code not present)

Patches_php5:
 upstream: https://github.com/php/php-src/commit/4bb422343f29f06b7081323844d9b52e1a71e4a5
 upstream: https://github.com/php/php-src/commit/2baeb167a08b0186a885208bdc8b5871f1681dc8
 upstream: https://github.com/php/php-src/commit/aa8d3a8cc612ba87c0497275f58a2317a90fb1c4
upstream_php5: released (5.6.17+dfsg-1)
precise_php5: not-affected (code not present)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.16)
trusty/esm_php5: released (5.5.9+dfsg-1ubuntu4.16)
vivid_php5: ignored (reached end-of-life)
vivid/stable-phone-overlay_php5: DNE
vivid/ubuntu-core_php5: DNE
wily_php5: released (5.6.11+dfsg-1ubuntu3.2)
xenial_php5: DNE
devel_php5: DNE

Patches_php7.0:
upstream_php7.0: released (7.0.2-1)
precise_php7.0: DNE
trusty_php7.0: DNE
trusty/esm_php7.0: DNE
vivid_php7.0: DNE
vivid/stable-phone-overlay_php7.0: DNE
vivid/ubuntu-core_php7.0: DNE
wily_php7.0: DNE
xenial_php7.0: not-affected (7.0.2-1)
esm-infra/xenial_php7.0: not-affected (7.0.2-1)
devel_php7.0: not-affected (7.0.2-1)