Showing 1 - 7 of 7

CVE-2019-6977

Status Candidate

Overview

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

Related Files

Red Hat Security Advisory 2020-4659-01: Posted Nov 4, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-4659-01 - GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Issues addressed include buffer overflow, double free, and null pointer vulnerabilities.; tags | advisory, overflow, vulnerability; systems | linux, redhat; advisories | CVE-2018-14553, CVE-2019-6977, CVE-2019-6978; SHA-256 | 07d1244d37b00bce426455cc1b2cbb2f09ac5b1da6a481853872a8a0a3ebedb8; Download | Favorite | View

Red Hat Security Advisory 2019-3299-01: Posted Nov 1, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-3299-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and information leakage vulnerabilities.; tags | advisory, web, overflow, php, vulnerability; systems | linux, redhat; advisories | CVE-2016-10166, CVE-2018-20783, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11043, CVE-2019-6977, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640; SHA-256 | 3e6fa23a90586dc864b7d2f66f36956feb884ebbfb6236d5061b8a831b9c3da8; Download | Favorite | View

Red Hat Security Advisory 2019-2519-01: Posted Aug 19, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-2519-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities.; tags | advisory, web, denial of service, overflow, php, vulnerability, xss; systems | linux, redhat; advisories | CVE-2016-10166, CVE-2017-12932, CVE-2017-16642, CVE-2017-9118, CVE-2017-9120, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549, CVE-2018-14851, CVE-2018-14884, CVE-2018-17082, CVE-2018-20783, CVE-2018-5711, CVE-2018-5712, CVE-2018-7584, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040, CVE-2019-6977, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022; SHA-256 | acffbdfe90b0a58970132a1847884fe8bf47723bf6191011cc4ac8b281a95407; Download | Favorite | View

PHP 7.2 imagecolormatch() Out-Of-Band Heap Write: Posted Apr 9, 2019; Authored by Charles FOL; PHP version 7.2 suffers from an imagecolormatch() out-of-band heap write vulnerability.; tags | exploit, php; advisories | CVE-2019-6977; SHA-256 | 69add42dde7d8d122571186cc4217258d5760ae073e9d96197a97e8666a28e27; Download | Favorite | View

Gentoo Linux Security Advisory 201903-18: Posted Mar 28, 2019; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201903-18 - Multiple vulnerabilities have been found in GD, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.2.5-r2 are affected.; tags | advisory, remote, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2018-1000222, CVE-2018-5711, CVE-2019-6977, CVE-2019-6978; SHA-256 | 1d37ab9ca2e7fff5ccebddafafb28ae0b10fe4c7a72c0a7ba6a91459db606e08; Download | Favorite | View

Ubuntu Security Notice USN-3900-1: Posted Feb 28, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3900-1 - It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2019-6977; SHA-256 | 46470680db6dfc7a7bf912eb15368330de552c69127de9ce9ce73617c85925f1; Download | Favorite | View

Debian Security Advisory 4384-1: Posted Feb 5, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4384-1 - Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.; tags | advisory, denial of service, arbitrary, vulnerability; systems | linux, debian; advisories | CVE-2019-6977, CVE-2019-6978; SHA-256 | 185a43ed9d6a8dabfd51568c47827afdb4622c5d5deae768927db27844e37d1b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2019-6977

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems