CVE-2019-6977

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-6977
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6977.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-6977
Related
Published
2019-01-27T02:29:00Z
Modified
2024-12-05T15:24:37.109339Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

References

Affected packages

Alpine:v3.10 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.11 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.12 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.13 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.14 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.15 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.16 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.17 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.18 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.19 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.20 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.21 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.6 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.7 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.8 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Alpine:v3.9 / gd

Package

Name
gd
Purl
pkg:apk/alpine/gd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-r2

Affected versions

2.*

2.0.35-r0
2.0.35-r1
2.0.35-r2
2.0.36_rc1-r0
2.0.36_rc1-r1
2.0.36_rc1-r2
2.0.36_rc1-r3
2.0.36_rc1-r4
2.0.36_rc1-r5
2.0.36_rc1-r6
2.0.36_rc1-r7
2.0.36_rc1-r8
2.0.36_rc1-r9
2.1.0-r0
2.1.0-r1
2.1.1-r0
2.2.1-r0
2.2.3-r0
2.2.3-r1
2.2.4-r0
2.2.4-r1
2.2.4-r2
2.2.5-r0
2.2.5-r1

Debian:11 / libgd2

Package

Name
libgd2
Purl
pkg:deb/debian/libgd2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-5.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libgd2

Package

Name
libgd2
Purl
pkg:deb/debian/libgd2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-5.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libgd2

Package

Name
libgd2
Purl
pkg:deb/debian/libgd2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5-5.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

NEWS
NEWS-cvs2svn

php-5.*

php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
php-5.6.18RC1
php-5.6.19RC1
php-5.6.22RC1
php-5.6.23RC1
php-5.6.24RC1