PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2017-7890

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd) as used in PHP before 5.6.31 and 7.x before 7.1.7 does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read 700 bytes from the top of the stack potentially disclosing sensitive information.