ALAS-2017-808

Description

Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. (CVE-2016-10168)

The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (CVE-2016-10161)

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (CVE-2016-10160)

It was found that the exif_convert_any_to_int() function in PHP was vulnerable to floating point exceptions when parsing tags in image files. A remote attacker with the ability to upload a malicious image could crash PHP, causing a Denial of Service. (CVE-2016-10158)

Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (CVE-2016-10159)

The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. (CVE-2016-10167)

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is marked as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

Package Patched in
php56 php56-5.6.30-1.133.amzn1.src
php56 php56-5.6.30-1.133.amzn1.i686
php56 php56-5.6.30-1.133.amzn1.x86_64
php56-bcmath php56-bcmath-5.6.30-1.133.amzn1.i686
php56-bcmath php56-bcmath-5.6.30-1.133.amzn1.x86_64
php56-cli php56-cli-5.6.30-1.133.amzn1.x86_64
php56-cli php56-cli-5.6.30-1.133.amzn1.i686
php56-common php56-common-5.6.30-1.133.amzn1.x86_64
php56-common php56-common-5.6.30-1.133.amzn1.i686
php56-dba php56-dba-5.6.30-1.133.amzn1.i686
php56-dba php56-dba-5.6.30-1.133.amzn1.x86_64
php56-dbg php56-dbg-5.6.30-1.133.amzn1.i686
php56-dbg php56-dbg-5.6.30-1.133.amzn1.x86_64
php56-debuginfo php56-debuginfo-5.6.30-1.133.amzn1.i686
php56-debuginfo php56-debuginfo-5.6.30-1.133.amzn1.x86_64
php56-devel php56-devel-5.6.30-1.133.amzn1.i686
php56-devel php56-devel-5.6.30-1.133.amzn1.x86_64
php56-embedded php56-embedded-5.6.30-1.133.amzn1.i686
php56-embedded php56-embedded-5.6.30-1.133.amzn1.x86_64
php56-enchant php56-enchant-5.6.30-1.133.amzn1.x86_64
php56-enchant php56-enchant-5.6.30-1.133.amzn1.i686
php56-fpm php56-fpm-5.6.30-1.133.amzn1.i686
php56-fpm php56-fpm-5.6.30-1.133.amzn1.x86_64
php56-gd php56-gd-5.6.30-1.133.amzn1.i686
php56-gd php56-gd-5.6.30-1.133.amzn1.x86_64
php56-gmp php56-gmp-5.6.30-1.133.amzn1.x86_64
php56-gmp php56-gmp-5.6.30-1.133.amzn1.i686
php56-imap php56-imap-5.6.30-1.133.amzn1.x86_64
php56-imap php56-imap-5.6.30-1.133.amzn1.i686
php56-intl php56-intl-5.6.30-1.133.amzn1.i686
php56-intl php56-intl-5.6.30-1.133.amzn1.x86_64
php56-ldap php56-ldap-5.6.30-1.133.amzn1.i686
php56-ldap php56-ldap-5.6.30-1.133.amzn1.x86_64
php56-mbstring php56-mbstring-5.6.30-1.133.amzn1.i686
php56-mbstring php56-mbstring-5.6.30-1.133.amzn1.x86_64
php56-mcrypt php56-mcrypt-5.6.30-1.133.amzn1.x86_64
php56-mcrypt php56-mcrypt-5.6.30-1.133.amzn1.i686
php56-mssql php56-mssql-5.6.30-1.133.amzn1.x86_64
php56-mssql php56-mssql-5.6.30-1.133.amzn1.i686
php56-mysqlnd php56-mysqlnd-5.6.30-1.133.amzn1.i686
php56-mysqlnd php56-mysqlnd-5.6.30-1.133.amzn1.x86_64
php56-odbc php56-odbc-5.6.30-1.133.amzn1.i686
php56-odbc php56-odbc-5.6.30-1.133.amzn1.x86_64
php56-opcache php56-opcache-5.6.30-1.133.amzn1.i686
php56-opcache php56-opcache-5.6.30-1.133.amzn1.x86_64
php56-pdo php56-pdo-5.6.30-1.133.amzn1.x86_64
php56-pdo php56-pdo-5.6.30-1.133.amzn1.i686
php56-pgsql php56-pgsql-5.6.30-1.133.amzn1.i686
php56-pgsql php56-pgsql-5.6.30-1.133.amzn1.x86_64
php56-process php56-process-5.6.30-1.133.amzn1.x86_64
php56-process php56-process-5.6.30-1.133.amzn1.i686
php56-pspell php56-pspell-5.6.30-1.133.amzn1.i686
php56-pspell php56-pspell-5.6.30-1.133.amzn1.x86_64
php56-recode php56-recode-5.6.30-1.133.amzn1.x86_64
php56-recode php56-recode-5.6.30-1.133.amzn1.i686
php56-snmp php56-snmp-5.6.30-1.133.amzn1.i686
php56-snmp php56-snmp-5.6.30-1.133.amzn1.x86_64
php56-soap php56-soap-5.6.30-1.133.amzn1.i686
php56-soap php56-soap-5.6.30-1.133.amzn1.x86_64
php56-tidy php56-tidy-5.6.30-1.133.amzn1.i686
php56-tidy php56-tidy-5.6.30-1.133.amzn1.x86_64
php56-xml php56-xml-5.6.30-1.133.amzn1.x86_64
php56-xml php56-xml-5.6.30-1.133.amzn1.i686
php56-xmlrpc php56-xmlrpc-5.6.30-1.133.amzn1.x86_64
php56-xmlrpc php56-xmlrpc-5.6.30-1.133.amzn1.i686