Description
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
Remediation
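An application-level guard for the unvalidated third argument described above, as an added example that is not part of this advisory or of PHP itself. The function names `php_has_unfixed_truecolortopalette` and `safe_truecolor_to_palette`, the 256-entry palette limit, and the sample values are assumptions of the example; it avoids scalar type declarations so it also runs on PHP 5.6.

```php
<?php
// Added example: validate the colour count before it reaches
// imagetruecolortopalette(), and report whether the runtime predates the fix.

// Assumption: a GD palette image holds at most 256 colour entries.
const PALETTE_MAX_COLORS = 256;

// True when the given PHP version is older than the fixed releases named in
// the description (5.6.25, and 7.0.10 for the 7.x line). Distribution packages
// may backport the fix without changing the version string, so treat a "true"
// result as "check the package changelog", not as proof.
function php_has_unfixed_truecolortopalette($version = PHP_VERSION)
{
    $major = (int) explode('.', $version)[0];
    if ($major >= 7) {
        return version_compare($version, '7.0.10', '<');
    }
    return version_compare($version, '5.6.25', '<');
}

// Hypothetical wrapper: rejects non-integer, non-positive and oversized colour
// counts instead of passing them through to GD.
function safe_truecolor_to_palette($image, $dither, $ncolors)
{
    $n = filter_var($ncolors, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => PALETTE_MAX_COLORS],
    ]);
    if ($n === false) {
        throw new InvalidArgumentException(
            'ncolors must be an integer from 1 to ' . PALETTE_MAX_COLORS
        );
    }
    return imagetruecolortopalette($image, (bool) $dither, $n);
}

// Constructed sample inputs, as they might arrive from a request parameter.
$samples = ['64', '0', '-5', '2147483648', 'abc'];
$img = imagecreatetruecolor(8, 8);
foreach ($samples as $value) {
    try {
        safe_truecolor_to_palette($img, false, $value);
        echo "$value: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$value: rejected\n";
    }
}
echo 'Runtime predates fix: '
    . (php_has_unfixed_truecolortopalette() ? 'yes' : 'no') . "\n";
```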
References