Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2020:4659
Vulnerability from osv_almalinux
Published
2020-11-03 12:24
Modified
2021-11-12 10:20
Summary
Moderate: gd security update
Details
GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats.
Security Fix(es):
-
gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)
-
gd: NULL pointer dereference in gdImageClone (CVE-2018-14553)
-
gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.5-7.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "gd-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.5-7.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. \n\nSecurity Fix(es):\n\n* gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)\n\n* gd: NULL pointer dereference in gdImageClone (CVE-2018-14553)\n\n* gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2020:4659",
"modified": "2021-11-12T10:20:55Z",
"published": "2020-11-03T12:24:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2020-4659.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-14553"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-6977"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-6978"
}
],
"related": [
"CVE-2019-6977",
"CVE-2018-14553",
"CVE-2019-6978"
],
"summary": "Moderate: gd security update"
}
CVE-2018-14553 (GCVE-0-2018-14553)
Vulnerability from cvelistv5 – Published: 2020-02-11 00:00 – Updated: 2024-08-05 09:29
VLAI?
EPSS
Summary
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599032"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libgd/libgd/pull/580"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f"
},
{
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2106-1] libgd2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0332",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
},
{
"name": "FEDORA-2020-e795f92d79",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
},
{
"name": "USN-4316-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4316-2/"
},
{
"name": "USN-4316-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4316-1/"
},
{
"name": "[debian-lts-announce] 20240406 [SECURITY] [DLA 3781-1] libgd2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T00:06:02.086Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599032"
},
{
"url": "https://github.com/libgd/libgd/pull/580"
},
{
"url": "https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f"
},
{
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2106-1] libgd2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0332",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
},
{
"name": "FEDORA-2020-e795f92d79",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
},
{
"name": "USN-4316-2",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4316-2/"
},
{
"name": "USN-4316-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4316-1/"
},
{
"name": "[debian-lts-announce] 20240406 [SECURITY] [DLA 3781-1] libgd2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14553",
"datePublished": "2020-02-11T00:00:00.000Z",
"dateReserved": "2018-07-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:29:51.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6978 (GCVE-0-2019-6978)
Vulnerability from cvelistv5 – Published: 2019-01-28 07:00 – Updated: 2024-08-04 20:38
VLAI?
EPSS
Summary
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:32.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae"
},
{
"name": "USN-3900-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3900-1/"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libgd/libgd/issues/492"
},
{
"name": "DSA-4384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4384"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0"
},
{
"name": "GLSA-201903-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-18"
},
{
"name": "openSUSE-SU-2019:1148",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1140",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html"
},
{
"name": "RHSA-2019:2722",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2722"
},
{
"name": "FEDORA-2019-ab7d22a466",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/"
},
{
"name": "FEDORA-2019-d7f8995451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/"
},
{
"name": "FEDORA-2019-7a06c0e6b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/"
},
{
"name": "FEDORA-2020-e795f92d79",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-31T01:06:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae"
},
{
"name": "USN-3900-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3900-1/"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libgd/libgd/issues/492"
},
{
"name": "DSA-4384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4384"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0"
},
{
"name": "GLSA-201903-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-18"
},
{
"name": "openSUSE-SU-2019:1148",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1140",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html"
},
{
"name": "RHSA-2019:2722",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2722"
},
{
"name": "FEDORA-2019-ab7d22a466",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/"
},
{
"name": "FEDORA-2019-d7f8995451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/"
},
{
"name": "FEDORA-2019-7a06c0e6b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/"
},
{
"name": "FEDORA-2020-e795f92d79",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae",
"refsource": "MISC",
"url": "https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae"
},
{
"name": "USN-3900-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3900-1/"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"name": "https://github.com/libgd/libgd/issues/492",
"refsource": "MISC",
"url": "https://github.com/libgd/libgd/issues/492"
},
{
"name": "DSA-4384",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4384"
},
{
"name": "https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0",
"refsource": "MISC",
"url": "https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0"
},
{
"name": "GLSA-201903-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-18"
},
{
"name": "openSUSE-SU-2019:1148",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1140",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html"
},
{
"name": "RHSA-2019:2722",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2722"
},
{
"name": "FEDORA-2019-ab7d22a466",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/"
},
{
"name": "FEDORA-2019-d7f8995451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/"
},
{
"name": "FEDORA-2019-7a06c0e6b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/"
},
{
"name": "FEDORA-2020-e795f92d79",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6978",
"datePublished": "2019-01-28T07:00:00.000Z",
"dateReserved": "2019-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:38:32.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6977 (GCVE-0-2019-6977)
Vulnerability from cvelistv5 – Published: 2019-01-27 02:00 – Updated: 2024-08-04 20:38
VLAI?
EPSS
Summary
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:32.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106731"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190315-0003/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://php.net/ChangeLog-7.php"
},
{
"name": "USN-3900-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3900-1/"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77270"
},
{
"name": "DSA-4384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4384"
},
{
"name": "GLSA-201903-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-18"
},
{
"name": "openSUSE-SU-2019:1148",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1140",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html"
},
{
"name": "46677",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46677/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "FEDORA-2019-ab7d22a466",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/"
},
{
"name": "FEDORA-2019-d7f8995451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/"
},
{
"name": "FEDORA-2019-7a06c0e6b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/"
},
{
"name": "FEDORA-2020-e795f92d79",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-31T01:06:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106731"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190315-0003/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://php.net/ChangeLog-7.php"
},
{
"name": "USN-3900-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3900-1/"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=77270"
},
{
"name": "DSA-4384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4384"
},
{
"name": "GLSA-201903-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-18"
},
{
"name": "openSUSE-SU-2019:1148",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1140",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html"
},
{
"name": "46677",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46677/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "FEDORA-2019-ab7d22a466",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/"
},
{
"name": "FEDORA-2019-d7f8995451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/"
},
{
"name": "FEDORA-2019-7a06c0e6b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/"
},
{
"name": "FEDORA-2020-e795f92d79",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106731"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190315-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190315-0003/"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "MISC",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "http://php.net/ChangeLog-7.php",
"refsource": "MISC",
"url": "http://php.net/ChangeLog-7.php"
},
{
"name": "USN-3900-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3900-1/"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"name": "https://bugs.php.net/bug.php?id=77270",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77270"
},
{
"name": "DSA-4384",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4384"
},
{
"name": "GLSA-201903-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-18"
},
{
"name": "openSUSE-SU-2019:1148",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1140",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html"
},
{
"name": "46677",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46677/"
},
{
"name": "http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "FEDORA-2019-ab7d22a466",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/"
},
{
"name": "FEDORA-2019-d7f8995451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/"
},
{
"name": "FEDORA-2019-7a06c0e6b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/"
},
{
"name": "FEDORA-2020-e795f92d79",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6977",
"datePublished": "2019-01-27T02:00:00.000Z",
"dateReserved": "2019-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:38:32.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…