PT-2019-1693 · Php+8
Cfreal +1 · Published 2018-12-09 · Updated 2024-06-15
CVE-2019-6977
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
The GD Graphics Library versions 2.2.5 and earlier
PHP versions prior to 5.6.40
PHP versions 7.x prior to 7.1.26
PHP versions 7.2.x prior to 7.2.14
PHP versions 7.3.x prior to 7.3.1
Description
The issue is caused by a heap-based buffer overflow in the gdImageColorMatch function of the GD Graphics Library. This can be exploited by a remote attacker who can trigger imagecolormatch calls with specially crafted image data, potentially allowing the attacker to initiate malicious actions.
Recommendations
For the GD Graphics Library version 2.2.5, update to a version later than 2.2.5.
For PHP version 5.6.x, update to version 5.6.40 or later.
For PHP version 7.x, update to version 7.1.26 or later.
For PHP version 7.2.x, update to version 7.2.14 or later.
For PHP version 7.3.x, update to version 7.3.1 or later.
As a temporary workaround, consider restricting the use of the imagecolormatch function until a patch is available.
Exploit
Fix
Buffer Overflow
Memory Corruption
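To triage hosts against the PHP version ranges and the workaround in the recommendations above, here is an added example (not part of the original advisory). It assumes the workaround is applied through php.ini's disable_functions directive; the host names, version strings and ini excerpts are constructed, and the standalone GD library check is left out.

```python
import re

# Fixed release per branch, copied from the advisory's recommendations.
FIXED_PATCH = {(5, 6): 40, (7, 1): 26, (7, 2): 14, (7, 3): 1}

def php_is_affected(version):
    """True if an upstream PHP version falls in the advisory's affected ranges."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)  # ignores suffixes like "-0ubuntu1"
    if not m:
        raise ValueError(f"unparseable PHP version: {version!r}")
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch < (5, 6) or branch == (7, 0):
        return True  # older than 5.6.40, or 7.x before 7.1.26 with no fix listed
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    return False  # branches the advisory does not list

def workaround_applied(php_ini_text):
    """True if imagecolormatch is named in the last disable_functions line.

    Assumption: the workaround is implemented with php.ini's disable_functions.
    """
    disabled = set()
    for raw in php_ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:  # a later directive replaces an earlier one
            disabled = set(re.split(r"[\s,]+", m.group(1).strip().strip('"')))
    return "imagecolormatch" in disabled

def assess(version, php_ini_text):
    """Combine the version check and the workaround check into one verdict."""
    if not php_is_affected(version):
        return "not affected"
    if workaround_applied(php_ini_text):
        return "affected, workaround in place"
    return "affected, update required"

# Constructed inventory: (host label, reported PHP version, php.ini excerpt).
INVENTORY = [
    ("web-a", "7.2.13", "disable_functions = exec,imagecolormatch\n"),
    ("web-b", "7.1.25-0ubuntu1", "; disable_functions = imagecolormatch\n"),
    ("web-c", "7.3.1", ""),
]

if __name__ == "__main__":
    for host, version, ini in INVENTORY:
        print(host, version, assess(version, ini))
```

Distribution packages can carry a backported fix under an older version string, so confirm a hit on a distribution build against the vendor's own advisory.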
Affected products
ALT Linux
AlmaLinux
CentOS
GD Graphics Library
PHP
Red Hat
Rocky Linux
SUSE
Ubuntu