UBUNTU-CVE-2019-11038

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2019-11038

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-11038.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-11038

Related

Published

2019-06-19T00:15:00Z

Modified

2019-06-19T00:15:00Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.

References

Affected packages

Ubuntu:Pro:14.04:LTS / libgd2

Package

Name: libgd2
Purl: pkg:deb/ubuntu/libgd2@2.1.0-3ubuntu0.11+esm1?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-3ubuntu0.11+esm1

Affected versions

2.*

2.1.0-2

2.1.0-3

2.1.0-3ubuntu0.1

2.1.0-3ubuntu0.2

2.1.0-3ubuntu0.3

2.1.0-3ubuntu0.5

2.1.0-3ubuntu0.6

2.1.0-3ubuntu0.7

2.1.0-3ubuntu0.8

2.1.0-3ubuntu0.10

2.1.0-3ubuntu0.11

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libgd2-xpm-dev": "2.1.0-3ubuntu0.11+esm1",
            "libgd-dev": "2.1.0-3ubuntu0.11+esm1",
            "libgd3-dbgsym": "2.1.0-3ubuntu0.11+esm1",
            "libgd3": "2.1.0-3ubuntu0.11+esm1",
            "libgd-dbg": "2.1.0-3ubuntu0.11+esm1",
            "libgd2-noxpm-dev": "2.1.0-3ubuntu0.11+esm1",
            "libgd-tools": "2.1.0-3ubuntu0.11+esm1",
            "libgd-tools-dbgsym": "2.1.0-3ubuntu0.11+esm1"
        }
    ]
}

Ubuntu:16.04:LTS / libgd2

Package

Name: libgd2
Purl: pkg:deb/ubuntu/libgd2@2.1.1-4ubuntu0.16.04.12?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.1-4ubuntu0.16.04.12

Affected versions

2.*

2.1.1-4build1

2.1.1-4build2

2.1.1-4ubuntu0.16.04.1

2.1.1-4ubuntu0.16.04.2

2.1.1-4ubuntu0.16.04.3

2.1.1-4ubuntu0.16.04.5

2.1.1-4ubuntu0.16.04.6

2.1.1-4ubuntu0.16.04.7

2.1.1-4ubuntu0.16.04.8

2.1.1-4ubuntu0.16.04.10

2.1.1-4ubuntu0.16.04.11

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libgd-dev": "2.1.1-4ubuntu0.16.04.12",
            "libgd3-dbgsym": "2.1.1-4ubuntu0.16.04.12",
            "libgd3": "2.1.1-4ubuntu0.16.04.12",
            "libgd-dbg": "2.1.1-4ubuntu0.16.04.12",
            "libgd-dev-dbgsym": "2.1.1-4ubuntu0.16.04.12",
            "libgd-tools": "2.1.1-4ubuntu0.16.04.12",
            "libgd-tools-dbgsym": "2.1.1-4ubuntu0.16.04.12"
        }
    ]
}

Ubuntu:18.04:LTS / libgd2

Package

Name: libgd2
Purl: pkg:deb/ubuntu/libgd2@2.2.5-4ubuntu0.4?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-4ubuntu0.4

Affected versions

2.*

2.2.5-3

2.2.5-4

2.2.5-4ubuntu0.2

2.2.5-4ubuntu0.3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libgd-dev": "2.2.5-4ubuntu0.4",
            "libgd-tools": "2.2.5-4ubuntu0.4",
            "libgd3-dbgsym": "2.2.5-4ubuntu0.4",
            "libgd3": "2.2.5-4ubuntu0.4",
            "libgd-tools-dbgsym": "2.2.5-4ubuntu0.4"
        }
    ]
}

Ubuntu:20.04:LTS / libgd2

Package

Name: libgd2
Purl: pkg:deb/ubuntu/libgd2@2.2.5-5.2?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.5-5.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libgd-dev": "2.2.5-5.2",
            "libgd-tools": "2.2.5-5.2",
            "libgd3-dbgsym": "2.2.5-5.2",
            "libgd3": "2.2.5-5.2",
            "libgd-tools-dbgsym": "2.2.5-5.2"
        }
    ]
}