ALPINE-CVE-2019-6977
- Source
- https://security.alpinelinux.org/vuln/CVE-2019-6977
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2019-6977.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2019-6977
- Upstream
- Published
- 2019-01-27T02:29:00.340Z
- Modified
- 2025-12-03T22:42:23.896817Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
gdImageColorMatch in gdcolormatch.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
- References
Affected packages
Alpine:v3.10
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.11
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.12
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.13
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.14
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.15
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.16
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.17
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.18
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.19
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.20
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.21
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.22
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.23
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.6
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.7
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.8
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2
Alpine:v3.9
gd
Package
- Name
- gd
- Purl
- pkg:apk/alpine/gd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.5-r2