| VID |
22904 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.40. It is, therefore, affected by multiple vulnerabilities:
- An integer underflow condition exists in _gdContributionsAlloc function in gd_interpolation.c. An unauthenticated, remote attacker can have unspecified impact via vectors related to decrementing the u variable.
(CVE-2016-10166)
- A heap-based buffer overflow condition exists in gdImageColorMatch due to improper calculation of the allocated buffer size. An attacker can exploit this, via calling imagecolormatch function with crafted image data as parameters.
(CVE-2019-6977)
* References:
http://php.net/ChangeLog-7.php#5.6.40
* Platforms Affected:
PHP Prior to 5.6.40
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PHP (5.6.40 or later), available from the PHP web site at http://www.php.net/downloads.php |
| Related URL |
CVE-2016-10166,CVE-2019-6977 (CVE) |
| Related URL |
95869,106731 (SecurityFocus) |
| Related URL |
(ISS) |
|
