Executive Summary

Informations
NameCVE-2019-6977First vendor Publication2019-01-26
VendorCveLast vendor Modification2019-04-10

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application1
Application835
Os4
Os2

Snort® IPS/IDS

DateDescription
2019-05-07PHP gdImageColorMatch heap buffer overflow file download attempt
RuleID : 49673 - Revision : 1 - Type : SERVER-OTHER
2019-05-07PHP gdImageColorMatch heap buffer overflow file upload attempt
RuleID : 49672 - Revision : 1 - Type : SERVER-OTHER

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/106731
CONFIRM https://security.netapp.com/advisory/ntap-20190315-0003/
DEBIAN https://www.debian.org/security/2019/dsa-4384
EXPLOIT-DB https://www.exploit-db.com/exploits/46677/
GENTOO https://security.gentoo.org/glsa/201903-18
MISC http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Ba...
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
https://bugs.php.net/bug.php?id=77270
MLIST https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
REDHAT https://access.redhat.com/errata/RHSA-2019:2519
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html
UBUNTU https://usn.ubuntu.com/3900-1/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
DateInformations
2019-08-20 12:05:22
  • Multiple Updates
2019-06-08 12:10:38
  • Multiple Updates
2019-04-24 12:08:54
  • Multiple Updates
2019-04-20 12:08:59
  • Multiple Updates
2019-04-11 00:19:07
  • Multiple Updates
2019-04-10 05:18:54
  • Multiple Updates
2019-04-05 09:19:10
  • Multiple Updates
2019-04-05 05:18:50
  • Multiple Updates
2019-03-29 09:19:07
  • Multiple Updates
2019-03-28 12:05:28
  • Multiple Updates
2019-03-18 17:19:31
  • Multiple Updates
2019-03-15 13:19:28
  • Multiple Updates
2019-03-01 21:19:09
  • Multiple Updates
2019-03-01 17:19:03
  • Multiple Updates
2019-02-09 12:06:56
  • Multiple Updates
2019-02-05 17:19:30
  • Multiple Updates
2019-01-31 17:19:15
  • Multiple Updates
2019-01-28 17:19:04
  • Multiple Updates
2019-01-27 09:19:15
  • First insertion