CVE-2019-6977

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-6977

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6977.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-6977

Related

Published

2019-01-27T02:29:00Z

Modified

2024-09-11T04:33:18.472060Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

References

Affected packages

Alpine:v3.10 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.11 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.12 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.13 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.14 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.15 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.16 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.17 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.18 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.19 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.20 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.6 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.7 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.8 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Alpine:v3.9 / gd

Package

Name: gd
Purl: pkg:apk/alpine/gd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-r2

Affected versions

2.*

2.0.35-r0

2.0.35-r1

2.0.35-r2

2.0.36_rc1-r0

2.0.36_rc1-r1

2.0.36_rc1-r2

2.0.36_rc1-r3

2.0.36_rc1-r4

2.0.36_rc1-r5

2.0.36_rc1-r6

2.0.36_rc1-r7

2.0.36_rc1-r8

2.0.36_rc1-r9

2.1.0-r0

2.1.0-r1

2.1.1-r0

2.2.1-r0

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.2.4-r1

2.2.4-r2

2.2.5-r0

2.2.5-r1

Debian:11 / libgd2

Package

Name: libgd2
Purl: pkg:deb/debian/libgd2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-5.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libgd2

Package

Name: libgd2
Purl: pkg:deb/debian/libgd2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-5.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libgd2

Package

Name: libgd2
Purl: pkg:deb/debian/libgd2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-5.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4b8f72da5dfb201af4e82dee960261d8657e414f

Affected versions

Other

NEWS

NEWS-cvs2svn

php-5.*

php-5.3.23RC1

php-5.3.29

php-5.3.29RC1

php-5.4.30RC1

php-5.4.32RC1

php-5.4.4RC2

php-5.5.24RC1

php-5.6.18RC1

php-5.6.19RC1

php-5.6.22RC1

php-5.6.23RC1

php-5.6.24RC1