製品・ソフトウェアに関する情報

JVN脆弱性詳細

PHP で使用される GD Graphics Library における情報漏えいに関する脆弱性

Title	PHP で使用される GD Graphics Library における情報漏えいに関する脆弱性
Summary	PHP で使用される GD Graphics Library (別名 libgd) には、情報漏えいに関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 1, 2017, midnight
Registration Date	Sept. 6, 2017, 4:43 p.m.
Last Update	Sept. 6, 2017, 4:43 p.m.

Affected System

The PHP Group

PHP 5.6.31 未満

PHP 7.1.7 未満の 7.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-7890	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890
National Vulnerability Database (NVD)
2	CVE-2017-7890	https://nvd.nist.gov/vuln/detail/CVE-2017-7890

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
PHP Bugs
1	Patch fix-74435-php-7.0 for GD related Bug #74435	https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038
2	Sec Bug #74435	https://bugs.php.net/bug.php?id=74435
The PHP Group
3	PHP 5 ChangeLog	http://php.net/ChangeLog-5.php
4	PHP 7 ChangeLog	http://php.net/ChangeLog-7.php

Change Log

No	Changed Details	Date of change
0	[2017年09月06日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-7890

Summary	The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
Publication Date	Aug. 3, 2017, 4:29 a.m.
Registration Date	Jan. 26, 2021, 1:29 p.m.
Last Update	Nov. 21, 2024, 12:32 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://php.net/ChangeLog-5.php	Release Notes Vendor Advisory
2	http://php.net/ChangeLog-5.php	Release Notes Vendor Advisory
3	http://php.net/ChangeLog-7.php	Release Notes Vendor Advisory
4	http://php.net/ChangeLog-7.php	Release Notes Vendor Advisory
5	http://www.debian.org/security/2017/dsa-3938
6	http://www.debian.org/security/2017/dsa-3938
7	http://www.securityfocus.com/bid/99492	Third Party Advisory VDB Entry
8	http://www.securityfocus.com/bid/99492	Third Party Advisory VDB Entry
9	https://access.redhat.com/errata/RHSA-2018:0406
10	https://access.redhat.com/errata/RHSA-2018:0406
11	https://access.redhat.com/errata/RHSA-2018:1296
12	https://access.redhat.com/errata/RHSA-2018:1296
13	https://bugs.php.net/bug.php?id=74435	Patch Vendor Advisory
14	https://bugs.php.net/bug.php?id=74435	Patch Vendor Advisory
15	https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038	Issue Tracking Patch Vendor Advisory
16	https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038	Issue Tracking Patch Vendor Advisory
17	https://security.netapp.com/advisory/ntap-20180112-0001/
18	https://security.netapp.com/advisory/ntap-20180112-0001/
19	https://www.tenable.com/security/tns-2017-12
20	https://www.tenable.com/security/tns-2017-12

Common Vulnerabilities List