Use of Uninitialized Resource
Affecting libgd2 package, versions <2.2.4-2+deb9u5
Overview
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of an uninitialized variable. This may lead to disclosure of stack contents left there by previously executed code.
CVSS Score
5.3 (medium severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: None
- Availability: None
- CVE: CVE-2019-11038
- CWE: CWE-457, CWE-908
- Snyk ID: SNYK-DEBIAN9-LIBGD2-349173
- Disclosed: 19 Jun, 2019
- Published: 09 Jun, 2019