{"id":"CVE-2016-10712","details":"In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a \"$uri = stream_get_meta_data(fopen($file, \"r\"))['uri']\" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.","modified":"2026-05-15T12:00:34.291486267Z","published":"2018-02-09T06:29:00.210Z","related":["SUSE-SU-2018:0530-1","SUSE-SU-2018:0806-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"14.04"},{"last_affected":"16.04"},{"last_affected":"17.10"}],"cpes":["cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"],"vendor_product":"canonical:ubuntu_linux"}]},"references":[{"type":"WEB","url":"https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=6297a117d77fa3a0df2e21ca926a92c231819cd5"},{"type":"WEB","url":"https://usn.ubuntu.com/3566-2/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3600-1/"},{"type":"FIX","url":"https://bugs.php.net/bug.php?id=71323"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}