CVE-2019-11925

Name of the Vulnerable Software and Affected Versions HHVM versions prior to 3.30.9 HHVM versions 4.0.0 through 4.8.3 HHVM versions 4.9.0 through 4.15.2 HHVM versions 4.16.0 through 4.16.3 HHVM versions 4.17.0 through 4.17.2 HHVM versions 4.18.0 through 4.18.1 HHVM version 4.19.0 HHVM versions 4.20.0 through 4.20.1

Description The issue is caused by insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension, allowing access to out-of-bounds memory via a maliciously constructed invalid JPEG input.

Recommendations For HHVM versions prior to 3.30.9, update to version 3.30.9 or later. For HHVM versions 4.0.0 through 4.8.3, update to version 4.8.4 or later. For HHVM versions 4.9.0 through 4.15.2, update to version 4.15.3 or later. For HHVM versions 4.16.0 through 4.16.3, update to version 4.16.4 or later. For HHVM versions 4.17.0 through 4.17.2, update to version 4.17.3 or later. For HHVM versions 4.18.0 through 4.18.1, update to version 4.18.2 or later. For HHVM version 4.19.0, update to version 4.19.1 or later. For HHVM versions 4.20.0 through 4.20.1, update to version 4.20.2 or later.