| Revision Date: | 2016-09-11 | Version: | 1 | | Title: | CVE-2016-7126 on Ubuntu 16.04 LTS (xenial) - medium. | | Description: | The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2016-7126
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT libgd-tools package in xenial, while related to the CVE in some way, is not affected.
OR NOT libgd3 package in xenial, while related to the CVE in some way, is not affected.
OR NOT libapache2-mod-php7.0 package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT libphp7.0-embed package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0 package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-bcmath package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-bz2 package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-cgi package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-cli package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-common package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-curl package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-dba package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-enchant package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-fpm package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-gd package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-gmp package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-imap package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-interbase package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-intl package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-json package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-ldap package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-mbstring package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-mcrypt package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-mysql package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-odbc package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-opcache package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-pgsql package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-phpdbg package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-pspell package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-readline package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-recode package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-snmp package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-soap package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-sqlite3 package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-sybase package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-tidy package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-xml package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-xmlrpc package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-xsl package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
OR NOT php7.0-zip package in xenial, while related to the CVE in some way, is not affected (note: 'uses system gd').
|
|