QwikSec

Security Database

CVE

CWE

Training

CVE-2019-6977

Published: Jan 27, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://security.netapp.com/advisory/ntap-20190315-0003/

x_refsource_CONFIRM

http://php.net/ChangeLog-5.php

x_refsource_MISC

http://php.net/ChangeLog-7.php

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update

mailing-list

x_refsource_MLIST

https://bugs.php.net/bug.php?id=77270

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_GENTOO

openSUSE-SU-2019:1148

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1140

vendor-advisory

x_refsource_SUSE

exploit

x_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

FEDORA-2019-ab7d22a466

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-d7f8995451

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-7a06c0e6b4

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-e795f92d79

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2019-6977 - Security Vulnerability | QwikSec