exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2019-6977

Status Candidate

Overview

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

Related Files

Red Hat Security Advisory 2020-4659-01
Posted Nov 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4659-01 - GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Issues addressed include buffer overflow, double free, and null pointer vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-14553, CVE-2019-6977, CVE-2019-6978
SHA-256 | 07d1244d37b00bce426455cc1b2cbb2f09ac5b1da6a481853872a8a0a3ebedb8
Red Hat Security Advisory 2019-3299-01
Posted Nov 1, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3299-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and information leakage vulnerabilities.

tags | advisory, web, overflow, php, vulnerability
systems | linux, redhat
advisories | CVE-2016-10166, CVE-2018-20783, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11043, CVE-2019-6977, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640
SHA-256 | 3e6fa23a90586dc864b7d2f66f36956feb884ebbfb6236d5061b8a831b9c3da8
Red Hat Security Advisory 2019-2519-01
Posted Aug 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2519-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities.

tags | advisory, web, denial of service, overflow, php, vulnerability, xss
systems | linux, redhat
advisories | CVE-2016-10166, CVE-2017-12932, CVE-2017-16642, CVE-2017-9118, CVE-2017-9120, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549, CVE-2018-14851, CVE-2018-14884, CVE-2018-17082, CVE-2018-20783, CVE-2018-5711, CVE-2018-5712, CVE-2018-7584, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040, CVE-2019-6977, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022
SHA-256 | acffbdfe90b0a58970132a1847884fe8bf47723bf6191011cc4ac8b281a95407
PHP 7.2 imagecolormatch() Out-Of-Band Heap Write
Posted Apr 9, 2019
Authored by Charles FOL

PHP version 7.2 suffers from an imagecolormatch() out-of-band heap write vulnerability.

tags | exploit, php
advisories | CVE-2019-6977
SHA-256 | 69add42dde7d8d122571186cc4217258d5760ae073e9d96197a97e8666a28e27
Gentoo Linux Security Advisory 201903-18
Posted Mar 28, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-18 - Multiple vulnerabilities have been found in GD, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.2.5-r2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000222, CVE-2018-5711, CVE-2019-6977, CVE-2019-6978
SHA-256 | 1d37ab9ca2e7fff5ccebddafafb28ae0b10fe4c7a72c0a7ba6a91459db606e08
Ubuntu Security Notice USN-3900-1
Posted Feb 28, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3900-1 - It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-6977
SHA-256 | 46470680db6dfc7a7bf912eb15368330de552c69127de9ce9ce73617c85925f1
Debian Security Advisory 4384-1
Posted Feb 5, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4384-1 - Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2019-6977, CVE-2019-6978
SHA-256 | 185a43ed9d6a8dabfd51568c47827afdb4622c5d5deae768927db27844e37d1b
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close