CVE-2019-11038

Name
CVE-2019-11038
Description
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://bugs.php.net/bug.php?id=77973
Mailing List https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html
Exploit https://bugzilla.redhat.com/show_bug.cgi?id=1724149
Exploit https://bugzilla.suse.com/show_bug.cgi?id=1140120
Mailing List https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821
Exploit https://github.com/libgd/libgd/issues/501
Exploit https://bugzilla.redhat.com/show_bug.cgi?id=1724432
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/
Exploit https://bugzilla.suse.com/show_bug.cgi?id=1140118
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2519
Mailing List https://seclists.org/bugtraq/2019/Sep/38
Third Party Advisory https://www.debian.org/security/2019/dsa-4529
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3299
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
Third Party Advisory https://usn.ubuntu.com/4316-2/
Third Party Advisory https://usn.ubuntu.com/4316-1/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:* libgd == None == 2.2.5
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= 7.1.0 < 7.1.30
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= 7.2.0 < 7.2.19
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= 7.3.0 < 7.3.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gd edge-main 2.3.0-r0 None fixed
gd 3.22-main 2.3.0-r0 None fixed
gd 3.21-main 2.3.0-r0 None fixed
gd 3.20-main 2.3.0-r0 None fixed
gd 3.19-main 2.3.0-r0 None fixed
gd 3.18-main 2.3.0-r0 None fixed
gd 3.17-main 2.3.0-r0 None fixed
gd 3.12-main 2.3.0-r0 None fixed
gd 3.11-main 2.2.5-r3 Carlo Landmeter <clandmeter@gmail.com> fixed
gd 3.10-main 2.2.5-r3 Carlo Landmeter <clandmeter@gmail.com> fixed