{"id":"CVE-2016-10712","details":"In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a \"$uri = stream_get_meta_data(fopen($file, \"r\"))['uri']\" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.","modified":"2026-07-07T08:45:53.054216876Z","published":"2018-02-09T06:29:00.210Z","related":["SUSE-SU-2018:0530-1","SUSE-SU-2018:0806-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"14.04"},{"last_affected":"14.04"},{"introduced":"16.04"},{"last_affected":"16.04"},{"introduced":"17.10"},{"last_affected":"17.10"}],"source":"CPE_STRING","vendor_product":"canonical:ubuntu_linux"}]},"references":[{"type":"WEB","url":"https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=6297a117d77fa3a0df2e21ca926a92c231819cd5"},{"type":"WEB","url":"https://usn.ubuntu.com/3566-2/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3600-1/"},{"type":"FIX","url":"https://bugs.php.net/bug.php?id=71323"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"0"},{"last_affected":"6c78ce66de2a9c4f872ae67b967a5c6e2a8f6c47"},{"introduced":"fc1df8e7a6886e29a6ed5bef3f674ac61164e847"},{"last_affected":"e808a7687ecd82ea18d6a83cb1f003a84831c0e2"},{"introduced":"60fffd296abce5fc071f3c173c25a2696cf683c6"},{"last_affected":"038c63cdea0472176ec2fdb162cfbd96e8c5f83e"}],"database_specific":{"cpe":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"5.5.31"},{"introduced":"5.6.0"},{"last_affected":"5.6.17"},{"introduced":"7.0.0"},{"last_affected":"7.0.2"}],"source":"CPE_RANGE"}}],"versions":["php-5.6.17","php-5.6.17RC1","php-5.5.31","php-7.0.2","php-7.0.2RC1","POST_PHP7_NSAPI_REMOVAL","PRE_PHP7_NSAPI_REMOVAL","PRE_PHP7_EREG_MYSQL_REMOVALS","PRE_PHP7_REMOVALS","POST_PHP7_REMOVALS","POST_AST_MERGE","PRE_AST_MERGE","POST_64BIT_BRANCH_MERGE","PRE_64BIT_BRANCH_MERGE","POST_PHPNG_MERGE"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10712.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}