MGASA-2017-0246

Advisory lineage Upstream: 6 Downstream: 0

Upstream

CVE-2017-7890 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229

Published: 07 Aug 2017, 22:16

Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Aug 2017, 22:16

Published

Vulnerability first disclosed

16 Apr 2026, 06:23

Last Modified

Vulnerability information updated

Description

Updated php and libgd packages fix security vulnerabilities Buffer over-read into uninitialized memory in libgd (CVE-2017-7890). Security issues from bundled oniguruma in php-mbstring (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229).

Affected Systems

mageia•libgd
< 2.2.4-1.2.mga5
mageia•php
< 5.6.31-1.mga5
mageia•libgd
< 2.2.4-3.1.mga6
mageia•php
< 5.6.31-1.mga6

References (3)

https://advisories.mageia.org/MGASA-2017-0246.html
https://bugs.mageia.org/show_bug.cgi?id=21316
http://php.net/ChangeLog-5.php#5.6.31