CVE-2016-1903

NameCVE-2016-1903
DescriptionThe gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs835032

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
hhvm (PTS)sid3.24.7+dfsg-2fixed
php5 (PTS)jessie5.6.33+dfsg-0+deb8u1fixed
jessie (security)5.6.38+dfsg-0+deb8u1fixed
php7.0 (PTS)stretch (security), stretch7.0.30-0+deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
hhvmsource(unstable)3.12.11+dfsg-1medium835032
php5source(unstable)5.6.17+dfsg-1medium
php5sourcejessie5.6.14+dfsg-0+deb8u1medium
php5sourcesqueeze(not affected)
php5sourcewheezy(not affected)
php5.6source(unstable)5.6.17+dfsg-1medium
php7.0source(unstable)7.0.2-1medium

Notes

[wheezy] - php5 <not-affected> (Vulnerable code not present)
[squeeze] - php5 <not-affected> (Vulnerable code not present, check in gdImageRotate() already available)
https://bugs.php.net/bug.php?id=70976
https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8
Fix in HHVM: https://github.com/facebook/hhvm/commit/f91abcc3b156823688c54158fc4fa36d87570afe

Search for package or bug name: Reporting problems