CVE-2019-11038

CVE-2019-11038

Name

CVE-2019-11038

Description

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://bugs.php.net/bug.php?id=77973
Mailing List	https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html
Exploit	https://bugzilla.redhat.com/show_bug.cgi?id=1724149
Exploit	https://bugzilla.suse.com/show_bug.cgi?id=1140120
Mailing List	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821
Exploit	https://github.com/libgd/libgd/issues/501
Exploit	https://bugzilla.redhat.com/show_bug.cgi?id=1724432
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/
Exploit	https://bugzilla.suse.com/show_bug.cgi?id=1140118
Third Party Advisory	https://access.redhat.com/errata/RHSA-2019:2519
Mailing List	https://seclists.org/bugtraq/2019/Sep/38
Third Party Advisory	https://www.debian.org/security/2019/dsa-4529
Third Party Advisory	https://access.redhat.com/errata/RHSA-2019:3299
Mailing List	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
Third Party Advisory	https://usn.ubuntu.com/4316-2/
Third Party Advisory	https://usn.ubuntu.com/4316-1/

Type

URI

Vendor Advisory

https://bugs.php.net/bug.php?id=77973

Mailing List

https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=1724149

Exploit

https://bugzilla.suse.com/show_bug.cgi?id=1140120

Mailing List

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821

Exploit

https://github.com/libgd/libgd/issues/501

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=1724432

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/

Exploit

https://bugzilla.suse.com/show_bug.cgi?id=1140118

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2519

Mailing List

https://seclists.org/bugtraq/2019/Sep/38

Third Party Advisory

https://www.debian.org/security/2019/dsa-4529

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3299

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/

Third Party Advisory

https://usn.ubuntu.com/4316-2/

Third Party Advisory

https://usn.ubuntu.com/4316-1/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libgd:libgd:2.2.5:::::::*`	libgd	== None	== 2.2.5
`cpe:2.3:a:php:php::::::::`	php	>= 7.1.0	< 7.1.30
`cpe:2.3:a:php:php::::::::`	php	>= 7.2.0	< 7.2.19
`cpe:2.3:a:php:php::::::::`	php	>= 7.3.0	< 7.3.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*

libgd

== None

== 2.2.5

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

php

>= 7.1.0

< 7.1.30

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

php

>= 7.2.0

< 7.2.19

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

php

>= 7.3.0

< 7.3.6

Source package	Branch	Version	Maintainer	Status
gd	3.10-main	2.2.5-r3	Carlo Landmeter <clandmeter@gmail.com>	fixed

Source package

Branch

Version

Maintainer

Status

3.10-main

2.2.5-r3

Carlo Landmeter <clandmeter@gmail.com>

fixed

References

Match rules

Vulnerable and fixed packages