CVE-2016-7128

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-7128
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7128.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-7128
Downstream
Related
Published
2016-09-12T01:59:06.770Z
Modified
2026-03-10T14:12:40.440780Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

The exifprocessIFDinTIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
38980c9ea4156ce52a53f9f3e1007ea3d787fa11
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
60fffd296abce5fc071f3c173c25a2696cf683c6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4054ec69da7631046f19d54ab06f09728a208b8b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
038c63cdea0472176ec2fdb162cfbd96e8c5f83e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4e1b8701573698f56e12672e4991d7e6239138d2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e09845d32614a19188632f410316478fbb440ebd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
249a8fd9ae2324c84ede7ecfca6f6026e6d87df6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
734a5fca2c4731e34eca551f28be9a10ffc3f3c9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fb59213fc461f079bc218abf44cb5e2b4db2182c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a36407215f69ba2debf77933dcb3faa0c3ba2d04
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9d582eba7448f1495fae62b13d95d2844ce6b28a
Fixed
6dbb1ee46b5f4725cc6519abf91e512a2a10dfed
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.24"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.9"
        }
    ]
}

Affected versions

Other
NEWS
NEWS-cvs2svn
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_NATIVE_TLS_MERGE
POST_PHP7_EREG_MYSQL_REMOVALS
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_NATIVE_TLS_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
PRE_PHPNG_MERGE
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
php-5.6.18RC1
php-5.6.19RC1
php-5.6.22RC1
php-5.6.23RC1
php-5.6.24
php-5.6.24RC1
php-7.*
php-7.0.0
php-7.0.0RC1
php-7.0.0RC2
php-7.0.0RC3
php-7.0.0RC4
php-7.0.0RC5
php-7.0.0RC6
php-7.0.0RC7
php-7.0.0RC8
php-7.0.0alpha1
php-7.0.0alpha2
php-7.0.0beta1
php-7.0.0beta2
php-7.0.0beta3
php-7.0.1
php-7.0.1RC1
php-7.0.2
php-7.0.2RC1
php-7.0.3
php-7.0.3RC1
php-7.0.4
php-7.0.4RC1
php-7.0.5
php-7.0.5RC1
php-7.0.6
php-7.0.6RC1
php-7.0.7
php-7.0.7RC1
php-7.0.8
php-7.0.8RC1
php-7.0.9
php-7.0.9RC1

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2016-7128-a782b938",
        "target": {
            "file": "ext/exif/exif.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "113995618109138763489426236600846229519",
                "207010564147224868569939080510464845863",
                "12225492273767835515959966646041988909",
                "199120476063143625235472752618703837168",
                "211446056386641717420862799601742907394",
                "55640858025059606115613149648190827300"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2016-7128-b22bc4ec",
        "target": {
            "file": "ext/exif/exif.c",
            "function": "exif_process_IFD_in_TIFF"
        },
        "digest": {
            "length": 7964.0,
            "function_hash": "215008229581677938185334749663650265429"
        },
        "signature_version": "v1",
        "source": "https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7128.json"