PT-2019-1693 · Php+8

Cfreal +1 · Published 2018-12-09 · Updated 2024-06-15 · CVE-2019-6977

CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

The GD Graphics Library versions 2.2.5 and earlier
PHP versions prior to 5.6.40
PHP versions 7.x prior to 7.1.26
PHP versions 7.2.x prior to 7.2.14
PHP versions 7.3.x prior to 7.3.1

Description

The issue is caused by a heap-based buffer overflow in the gdImageColorMatch function of the GD Graphics Library. This can be exploited by a remote attacker who can trigger imagecolormatch calls with specially crafted image data, potentially allowing the attacker to initiate malicious actions.

Recommendations

For the GD Graphics Library version 2.2.5, update to a version later than 2.2.5.
For PHP version 5.6.x, update to version 5.6.40 or later.
For PHP version 7.x, update to version 7.1.26 or later.
For PHP version 7.2.x, update to version 7.2.14 or later.
For PHP version 7.3.x, update to version 7.3.1 or later.
As a temporary workaround, consider restricting the use of the imagecolormatch function until a patch is available.
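
A triage check for the version ranges and workaround listed above, as an added example that is not part of the original advisory. It assumes upstream PHP version numbering (distribution packages that backport the fix keep older version numbers, so check the vendor advisory for those) and assumes the workaround is implemented with PHP's disable_functions directive; the function names and the sample php.ini text are constructed for illustration.

```python
import re

# First fixed upstream release per PHP branch, as listed in this advisory.
FIXED = {(5, 6): (5, 6, 40), (7, 1): (7, 1, 26), (7, 2): (7, 2, 14), (7, 3): (7, 3, 1)}


def parse_version(text):
    """Return (major, minor, patch) from e.g. '7.2.10-0ubuntu0.18.04.1'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised PHP version: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version_text):
    """Apply the advisory's ranges to an upstream PHP version string."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED:
        return v < FIXED[branch]
    # No fixed release listed for this branch: branches older than 7.3
    # (5.5.x, 7.0.x, ...) are "prior to" a fix, newer ones are past it.
    return branch < (7, 3)


def function_disabled(ini_text, name="imagecolormatch"):
    """True if the last active disable_functions line lists `name`.

    Assumption: the workaround is applied through php.ini.
    """
    disabled = set()
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ini comments
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            names = m.group(1).strip().strip('"').split(",")
            disabled = {n.strip().lower() for n in names if n.strip()}
    return name in disabled


def assess(version_text, ini_text=""):
    """Classify a host as 'fixed', 'mitigated' or 'vulnerable'."""
    if not is_affected(version_text):
        return "fixed"
    return "mitigated" if function_disabled(ini_text) else "vulnerable"


if __name__ == "__main__":
    sample_ini = "disable_functions = exec, imagecolormatch\n"  # constructed
    for ver in ("5.6.39", "7.0.33", "7.2.14", "7.3.0"):
        print(ver, assess(ver), assess(ver, sample_ini))
```
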

Exploit

Fix

Buffer Overflow

Memory Corruption


Weakness Enumeration

Related Identifiers

ALSA-2020:4659
ALT-PU-2019-1060
BDU:2019-01287
CESA-2020_4659
CVE-2019-6977
DLA-1651-1
DLA-1679-1
DSA-4384-1
MGASA-2019-0073
OPENSUSE-SU-2019:1148-1
OPENSUSE-SU-2019_0207-1
OPENSUSE-SU-2019_0276-1
OPENSUSE-SU-2019_1140-1
OPENSUSE-SU-2019_1148-1
OPENSUSE-SU-2024:10777-1
OPENSUSE-SU-2024:11852-1
RHSA-2019:2519
RHSA-2019:3299
RHSA-2020:4659
RHSA-2020_4659
RLSA-2020:4659
SUSE-SU-2019:0333-1
SUSE-SU-2019:0449-1
SUSE-SU-2019:0747-1
SUSE-SU-2019:0771-1
SUSE-SU-2019:13961-1
SUSE-SU-2019_0449-1
SUSE-SU-2019_0747-1
SUSE-SU-2019_0771-1
SUSE-SU-2019_13961-1
USN-3900-1

Affected Products

Alt Linux
Almalinux
Centos
Gd Graphics Library
Php
Red Hat
Rocky Linux
Suse
Ubuntu