PT-2019-5039 · Php+4

Cmb · Published 2019-05-05 · Updated 2024-06-15 · CVE-2019-11038

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GD Graphics Library versions 2.2.5
PHP versions 7.1.x through 7.1.29
PHP versions 7.2.x through 7.2.18
PHP versions 7.3.x through 7.3.5

Description

The issue is related to the gdImageCreateFromXbm() function in the GD Graphics Library, which is used in the PHP GD extension. It is caused by a lack of input validation, allowing a remote attacker to supply data that may lead to the disclosure of contents of the stack left by previous code. This can potentially allow unauthorized access to information.

Recommendations

For PHP versions 7.1.x through 7.1.29, update to version 7.1.30 or later.
For PHP versions 7.2.x through 7.2.18, update to version 7.2.19 or later.
For PHP versions 7.3.x through 7.3.5, update to version 7.3.6 or later.
As a temporary workaround, consider disabling the gdImageCreateFromXbm() function until a patch is available.
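
A triage helper for the version ranges in the Recommendations above, added here as an example (it is not code from this advisory or from the PHP project). The function names, status labels and inventory are assumptions; it compares upstream version numbers only, so distribution builds whose number falls in an affected range are flagged for a check against the vendor advisory instead of being called vulnerable.

```python
import re

# First fixed upstream patch level per affected branch, from the Recommendations above.
FIXED_PATCH = {(7, 1): 30, (7, 2): 19, (7, 3): 6}
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(.*)$")
PRERELEASE_RE = re.compile(r"(?i)^[-~]?(alpha|beta|rc|dev)")

def triage(version):
    """Return (status, first_fixed_upstream_release) for a PHP version string."""
    m = VERSION_RE.match(version)
    if not m:
        return ("unparsed", None)
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    suffix = m.group(4).strip()
    if (major, minor) not in FIXED_PATCH:
        # The advisory lists only the 7.1, 7.2 and 7.3 branches.
        return ("branch-not-listed", None)
    fixed_patch = FIXED_PATCH[(major, minor)]
    fixed = f"{major}.{minor}.{fixed_patch}"
    # Assumption: a pre-release such as 7.3.6RC1 precedes 7.3.6, so treat it as older.
    prerelease = bool(PRERELEASE_RE.match(suffix))
    if prerelease:
        patch -= 1
    if patch >= fixed_patch:
        return ("fixed", fixed)
    if suffix.startswith(("-", "+", "~")) and not prerelease:
        # Distribution build: the vendor may have backported the fix
        # without changing the upstream version number.
        return ("check-vendor-advisory", fixed)
    return ("affected", fixed)

# Constructed inventory: host names and versions are made up for illustration.
INVENTORY = {
    "web-01": "7.1.29",
    "web-02": "7.2.19",
    "web-03": "7.2.17-0ubuntu0.18.04.1",
    "web-04": "7.3.6RC1",
    "web-05": "7.4.3",
}

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, (status, fixed) in report(INVENTORY).items():
        print(f"{host}: {status}" + (f" (upstream fix: {fixed})" if fixed else ""))
```
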

Exploit

Fix

RCE

Use of Uninitialized Resource

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1944
ALT-PU-2019-1959
BDU:2020-01632
BDU:2020-01676
CVE-2019-11038
DLA-1817-1
DSA-4529-1
MGASA-2020-0134
OESA-2022-1556
OPENSUSE-SU-2020:0332-1
OPENSUSE-SU-2020_0332-1
OPENSUSE-SU-2024:10777-1
RHSA-2019:2519
RHSA-2019:3299
SUSE-SU-2019:14158-1
SUSE-SU-2019:2243-1
SUSE-SU-2019_14158-1
SUSE-SU-2019_2243-1
SUSE-SU-2020:0594-1
SUSE-SU-2020:0594-2
SUSE-SU-2020:0623-1
USN-4316-1
USN-4316-2

Affected Products

Alt Linux
Gd Graphics Library
Php
Suse
Ubuntu