Integer underflow in php7 (Alpine package)

Published: 2016-05-23

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2016-10166
CWE-ID	CWE-191
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	php7 (Alpine package) Operating systems & Components / Operating system package or component
Vendor	Alpine Linux Development Team

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Integer underflow

EUVDB-ID: #VU7574

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10166

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and potentially compromise vulnerable system.

The vulnerability exists due to integer underflow when decrementing the "u" variable in _gdContributionsAlloc() function in gd_interpolation.c. A remote attacker create a specially crafted image file, trigger memory corruption and crash the affected application or execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

php7 (Alpine package): 7.1.9-r0 - 7.1.17-r0

CPE2.3

External links

http://git.alpinelinux.org/aports/commit/?id=195c4dea4525cc85ef4ab449d2c739b6b5081b48
http://git.alpinelinux.org/aports/commit/?id=d42b915a2245405763bb485ededfbdb01393f109
http://git.alpinelinux.org/aports/commit/?id=1b8dc16a8d83cea1a0638ca75a327f234049e6fd
http://git.alpinelinux.org/aports/commit/?id=08114de6e0da35db211984405c8d9043e426ea58
http://git.alpinelinux.org/aports/commit/?id=87a5a2c48f6c4e068c31ba4ba9665d05a4a88682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.