Russian Vulnerability Scanner Database

Back to List

CVE-2019-6977

Scores

EPSS

0.863high86.3%
0%20%40%60%80%100%

Percentile: 86.3%

CVSS

6.3medium3.x
0246810

CVSS Score: 6.3/10

All CVSS Scores

CVSS 3.x
6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

astradebiannvdredhatubuntu

CWEs

CWE-122CWE-787

Related Vulnerabilities

BDU:2019-01287

Exploits

Exploit ID: 46677

Source: exploitdb

URL: https://www.exploit-db.com/exploits/46677

Recommendations

Source: nvd

All GD users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot –verbose “>=media-libs/gd-2.2.5-r2”

URL: https://security.gentoo.org/glsa/201903-18

Vulnerable Software (27)

Type: Configuration

Product: gd

Operating System: rhel

Trait: 
{  "fixed": "2.2.5-7.el8"}

Source: redhat

Type: Configuration

Product: libgd2

Operating System: ubuntu bionic 18.04

Trait: 
{  "fixed": "2.2.5-4ubuntu0.3"}

Source: ubuntu

Type: Configuration

Product: libgd2

Operating System: ubuntu cosmic 18.10

Trait: 
{  "fixed": "2.2.5-4ubuntu1.1"}

Source: ubuntu

Type: Configuration

Product: libgd2

Operating System: ubuntu trusty 14.04

Trait: 
{  "fixed": "2.1.0-3ubuntu0.11"}

Source: ubuntu

Type: Configuration

Product: libgd2

Operating System: ubuntu xenial 16.04

Trait: 
{  "fixed": "2.1.1-4ubuntu0.16.04.11"}

Source: ubuntu

Type: Configuration

Product: libgd2

Operating System: debian

Trait: 
{  "fixed": "2.2.5-5.1"}

Source: debian

Type: Configuration

Product: libgd2

Operating System: astra 1.6.2

Trait: 
{  "unaffected": true}

Source: astra

Type: Configuration

Product: php5

Operating System: ubuntu trusty 14.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: php5

Operating System: debian

Trait: 
{  "unfixed": true}

Source: debian

Type: Configuration

Product: php7.0

Operating System: ubuntu xenial 16.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: php7.0

Operating System: debian

Trait: 
{  "unfixed": true}

Source: debian

Type: Configuration

Product: php7.2

Operating System: ubuntu bionic 18.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: php7.2

Operating System: ubuntu cosmic 18.10

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: php7.3

Operating System: debian

Trait: 
{  "fixed": "7.3.1-1"}

Source: debian

Type: Configuration

Product: rh-php71-php

Operating System: rhel

Trait: 
{  "fixed": "7.1.30-1.el7"}

Source: redhat

Type: Configuration

Product: rh-php71-php

Operating System: rhel

Trait: 
{  "fixed": "7.1.30-1.el7"}

Source: redhat

Type: Configuration

Product: rh-php71-php

Operating System: rhel

Trait: 
{  "fixed": "7.1.30-1.el7"}

Source: redhat

Type: Configuration

Product: rh-php71-php

Operating System: rhel

Trait: 
{  "fixed": "7.1.30-1.el7"}

Source: redhat

Type: Configuration

Product: rh-php72-php

Operating System: rhel

Trait: 
{  "fixed": "7.2.24-1.el7"}

Source: redhat

Type: Configuration

Product: rh-php72-php

Operating System: rhel

Trait: 
{  "fixed": "7.2.24-1.el7"}

Source: redhat