Vulnerability CVE-2016-1903

Vulnerability Name:

CVE-2016-1903 (CCN-109469)

Assigned:

2016-01-07

Published:

2016-01-07

Updated:

2018-01-05

Summary:

The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.

CVSS v3 Severity:

9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200
CWE-119

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2016-1903

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0251

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0366

Source: CCN
Type: RHSA-2016-2750
Moderate: rh-php56 security, bug fix, and enhancement update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2750

Source: MLIST
Type: UNKNOWN
[oss-security] 20160115 [CVE Request] Multiple PHP issues

Source: CCN
Type: Oracle CPUJan2017
Oracle Critical Patch Update Advisory - January 2017

Source: CCN
Type: PHP Web site
Version 5.6.17

Source: CONFIRM
Type: Vendor Advisory
http://www.php.net/ChangeLog-5.php

Source: CONFIRM
Type: Vendor Advisory
http://www.php.net/ChangeLog-7.php

Source: BID
Type: UNKNOWN
79916

Source: CCN
Type: BID-79916
PHP 'gd_interpolation.c' Out of Bounds Read Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1034608

Source: SLACKWARE
Type: UNKNOWN
SSA:2016-034-04

Source: UBUNTU
Type: UNKNOWN
USN-2952-1

Source: UBUNTU
Type: UNKNOWN
USN-2952-2

Source: CONFIRM
Type: Exploit
https://bugs.php.net/bug.php?id=70976

Source: XF
Type: UNKNOWN
php-gdimagerotateinterpolated-info-disc(109469)

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.5.30)

OR cpe:/a:php:php:5.6.0:alpha1:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:alpha2:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:alpha3:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:alpha4:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:alpha5:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.8:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.12:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.13:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.14:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.15:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.16:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.1:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.5.30:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.16:-:*:*:*:*:*:*

OR cpe:/a:php:php:7.0.1:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20161903	V	CVE-2016-1903	2022-09-02
oval:org.opensuse.security:def:9680	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:10438	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:9884	P	Security update for go1.17 (Moderate)	2021-12-23
oval:org.opensuse.security:def:9634	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:10371	P	Security update for the Linux Kernel (Important)	2021-12-02
oval:org.opensuse.security:def:10175	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:9612	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:10169	P	Security update for Salt (Moderate)	2021-10-27
oval:org.opensuse.security:def:9604	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:10162	P	Security update for glibc (Moderate)	2021-10-12
oval:org.opensuse.security:def:10153	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:10147	P	Security update for xerces-c (Important)	2021-09-02
oval:org.opensuse.security:def:11120	P	Security update for libspf2 (Critical)	2021-08-25
oval:org.opensuse.security:def:10139	P	Security update for djvulibre (Important)	2021-08-20
oval:org.opensuse.security:def:13912	P	libipa_hbac0-1.13.4-18.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14213	P	libass5-0.10.2-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14188	P	libQt5Concurrent5-5.6.2-5.9 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14095	P	bind-9.9.9P1-62.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14076	P	aaa_base-13.2+git20140911.61c1681-36.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14058	P	wpa_supplicant-2.2-14.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14941	P	lcms2-2.7-9.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14010	P	powerpc-utils-1.3.2-17.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14919	P	gvim-7.4.326-17.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13942	P	libpng16-16-1.6.8-11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14281	P	libpython3_4m1_0-3.4.6-24.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13920	P	libksba8-1.3.0-23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14268	P	libotr5-4.0.0-9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14257	P	libmpfr4-3.1.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:9761	P	Security update for nodejs8 (Important)	2021-08-05
oval:org.opensuse.security:def:11098	P	Security update for claws-mail (Moderate)	2021-07-16
oval:org.opensuse.security:def:10296	P	Security update for go1.15 (Important)	2021-06-30
oval:org.opensuse.security:def:9742	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:10111	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:10277	P	Security update for spice-gtk (Moderate)	2021-06-10
oval:org.opensuse.security:def:9727	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:17193	P	libosip2-3.5.0-20.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17171	P	gstreamer-0_10-plugins-base-0.10.36-17.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17159	P	dia-0.97.3-15.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16634	P	php5-devel-5.5.14-109.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124640	P	php5-devel-5.5.14-109.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16538	P	libmodplug-devel-0.8.9.0+git20170610.f6dd59a-15.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16098	P	php5-devel-5.5.14-73.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16665	P	wavpack-4.60.99-5.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16580	P	libsoup-devel-2.62.2-5.7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17022	P	libqt4-sql-mysql-32bit-4.8.6-2.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16546	P	libnettle-devel-2.7.1-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17000	P	finch-2.10.9-5.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16348	P	php5-devel-5.5.14-108.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17102	P	freerdp-2.0.0~git.1463131968.4e66df7-11.69 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17070	P	libpcsclite1-32bit-1.8.10-3.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10086	P	Security update for dhcp (Important)	2021-06-02
oval:org.opensuse.security:def:10262	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:9862	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:9861	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:10215	P	Security update for python-cryptography (Important)	2021-03-03
oval:org.opensuse.security:def:9854	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:10396	P	Security update for php7 (Important)	2021-02-24
oval:org.opensuse.security:def:9836	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:10585	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:16960	P	quagga-devel-1.1.1-17.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16924	P	libzzip-0-13-0.13.67-10.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16893	P	libssh-devel-0.8.7-1.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16836	P	libjson-c-devel-0.11-2.15 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16751	P	gtk2-devel-2.24.31-9.6.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16717	P	eog-devel-3.20.4-7.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16931	P	mysql-connector-java-5.1.42-5.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16899	P	libtcnative-1-0-devel-1.2.23-3.3.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16789	P	libapparmor-devel-2.8.2-51.18.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16753	P	gwenhywfar-devel-4.9.0beta-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16722	P	flac-devel-1.3.0-11.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16709	P	dbus-1-devel-1.8.22-9.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16988	P	xorg-x11-server-sdk-1.19.6-8.18 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17857	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:17831	P	Security update for quagga (Important)	2020-12-01
oval:org.opensuse.security:def:37919	P	libmpfr4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38621	P	ibus-chewing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38562	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38402	P	libxerces-c-3_1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10460	P	lhasa-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38312	P	libjson-c2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10447	P	gnome-settings-daemon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38254	P	libXfont2-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39461	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38152	P	cpio on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39419	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:38015	P	p7zip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38781	P	python-cupshelpers on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37931	P	libopenssl1_1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38737	P	libudisks2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37920	P	libmspack0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38709	P	libpcsclite1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38670	P	libgc1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10563	P	libxcb-composite0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9925	P	libtasn1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9912	P	libqt4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9903	P	libpng15-15 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17686	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:17660	P	Recommended update for libksba (Moderate)	2020-12-01
oval:org.opensuse.security:def:10011	P	vsftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9992	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9977	P	python-pywbem on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10835	P	php5-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9930	P	libupsclient1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10813	P	libxml2-devel on GA media (Moderate)	2020-12-01
oval:com.ubuntu.precise:def:20161903000	V	CVE-2016-1903 on Ubuntu 12.04 LTS (precise) - low.	2016-01-19
oval:com.ubuntu.xenial:def:201619030000000	V	CVE-2016-1903 on Ubuntu 16.04 LTS (xenial) - low.	2016-01-19
oval:com.ubuntu.trusty:def:20161903000	V	CVE-2016-1903 on Ubuntu 14.04 LTS (trusty) - low.	2016-01-19
oval:com.ubuntu.xenial:def:20161903000	V	CVE-2016-1903 on Ubuntu 16.04 LTS (xenial) - low.	2016-01-19

BACK