CVE-2019-6977

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-6977
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6977.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-6977
Downstream
Related
Published
2019-01-27T02:29:00.340Z
Modified
2026-02-02T21:34:57.331361Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Fixed
4b8f72da5dfb201af4e82dee960261d8657e414f
Introduced
8148cbb78841c8ec0759c0836e7f35dec799d300
Fixed
643a161a24e662fd2afa9bf3591b105f4881e93e
Introduced
60fffd296abce5fc071f3c173c25a2696cf683c6
Fixed
b3ad2be890e86c69cdc661739c74b677b46a53cb

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6977.json"