PT-2019-5039 · Php+4
Cmb · Published 2019-05-05 · Updated 2024-06-15 · CVE-2019-11038
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GD Graphics Library version 2.2.5
PHP versions 7.1.x through 7.1.29
PHP versions 7.2.x through 7.2.18
PHP versions 7.3.x through 7.3.5
Description
The issue is in the gdImageCreateFromXbm() function of the GD Graphics Library, which is used by the PHP GD extension. It is caused by a lack of input validation: a remote attacker can supply data that may lead to disclosure of stack contents left by previously executed code, potentially allowing unauthorized access to information.
Recommendations
For PHP versions 7.1.x through 7.1.29, update to version 7.1.30 or later.
For PHP versions 7.2.x through 7.2.18, update to version 7.2.19 or later.
For PHP versions 7.3.x through 7.3.5, update to version 7.3.6 or later.
As a temporary workaround, consider disabling the gdImageCreateFromXbm() function until a patch is available.
Exploit
Fix
RCE
Use of Uninitialized Resource
Buffer Overflow
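The description attributes the flaw to missing input validation when XBM data is parsed. As an added illustration (not libgd or PHP code), the C helper below validates the hex byte tokens of an XBM data array before their values are used; the helper name `xbm_parse_bytes`, its signature, and the choice of the byte tokens as the validated field are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libgd or PHP code): parse the "0xNN" tokens of
 * an XBM data array into out[]. Returns 0 on success, -1 when a token is
 * not valid hex, exceeds one byte, or the count differs from `expected`. */
int xbm_parse_bytes(const char *body, unsigned char *out, size_t expected)
{
    const char *p = body;
    size_t n = 0;

    memset(out, 0, expected);   /* caller never sees stale buffer contents */
    for (;;) {
        unsigned int b = 0;     /* defined value even if parsing fails */
        int used = 0;

        while (isspace((unsigned char)*p) || *p == ',')
            p++;
        if (*p == '\0' || *p == '}')
            break;              /* end of the array initializer */
        if (p[0] != '0' || (p[1] != 'x' && p[1] != 'X'))
            return -1;          /* token lacks the 0x prefix */
        /* Trust b only when sscanf reports exactly one conversion. */
        if (sscanf(p + 2, "%x%n", &b, &used) != 1)
            return -1;
        if (b > 0xFF || n >= expected)
            return -1;          /* value too large or too many tokens */
        out[n++] = (unsigned char)b;
        p += 2 + used;
    }
    return n == expected ? 0 : -1;
}
```

Here `expected` would be derived from the declared image dimensions, so a file whose data array is shorter or longer than its header claims is rejected instead of being padded from whatever the buffer held.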
Affected products
Alt Linux
Gd Graphics Library
Php
Suse
Ubuntu