{"containers": {"cna": {"affected": [{"product": "PHP", "vendor": "PHP Group", "versions": [{"status": "affected", "version": "7.1.x < 7.1.30"}, {"status": "affected", "version": "7.2.x < 7.2.19"}, {"status": "affected", "version": "7.3.x < 7.3.6"}]}], "configurations": [{"lang": "en", "value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable."}], "credits": [{"lang": "en", "value": "By chamal dot desilva at gmail dot com"}], "datePublic": "2019-05-28T00:00:00", "descriptions": [{"lang": "en", "value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-08T01:06:06", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php"}, "references": [{"name": "FEDORA-2019-be4f895015", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"}, {"name": "FEDORA-2019-8c4b25b5ec", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"}, {"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=77973"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libgd/libgd/issues/501"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"}, {"name": "RHSA-2019:2519", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"name": "DSA-4529", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4529"}, {"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"name": "RHSA-2019:3299", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"name": "openSUSE-SU-2020:0332", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"}, {"name": "FEDORA-2020-e795f92d79", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"}, {"name": "USN-4316-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4316-2/"}, {"name": "USN-4316-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4316-1/"}], "source": {"defect": ["https://bugs.php.net/bug.php?id=77973"], "discovery": "EXTERNAL"}, "title": "Uninitialized read in gdImageCreateFromXbm", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "security@php.net", "DATE_PUBLIC": "2019-05-28T06:49:00.000Z", "ID": "CVE-2019-11038", "STATE": "PUBLIC", "TITLE": "Uninitialized read in gdImageCreateFromXbm"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHP", "version": {"version_data": [{"version_value": "7.1.x < 7.1.30"}, {"version_value": "7.2.x < 7.2.19"}, {"version_value": "7.3.x < 7.3.6"}]}}]}, "vendor_name": "PHP Group"}]}}, "configuration": [{"lang": "en", "value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable."}], "credit": [{"lang": "eng", "value": "By chamal dot desilva at gmail dot com"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-457: Use of Uninitialized Variable"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2019-be4f895015", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"}, {"name": "FEDORA-2019-8c4b25b5ec", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"}, {"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"}, {"name": "https://bugs.php.net/bug.php?id=77973", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=77973"}, {"name": "https://github.com/libgd/libgd/issues/501", "refsource": "CONFIRM", "url": "https://github.com/libgd/libgd/issues/501"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140118", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140120", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"}, {"name": "RHSA-2019:2519", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"name": "DSA-4529", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4529"}, {"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"name": "RHSA-2019:3299", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"name": "openSUSE-SU-2020:0332", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"}, {"name": "FEDORA-2020-e795f92d79", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"}, {"name": "USN-4316-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4316-2/"}, {"name": "USN-4316-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4316-1/"}]}, "solution": [], "source": {"advisory": "", "defect": ["https://bugs.php.net/bug.php?id=77973"], "discovery": "EXTERNAL"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:15.995Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2019-be4f895015", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"}, {"name": "FEDORA-2019-8c4b25b5ec", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"}, {"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=77973"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libgd/libgd/issues/501"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"}, {"name": "RHSA-2019:2519", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"name": "DSA-4529", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4529"}, {"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"name": "RHSA-2019:3299", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"name": "openSUSE-SU-2020:0332", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"}, {"name": "FEDORA-2020-e795f92d79", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"}, {"name": "USN-4316-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4316-2/"}, {"name": "USN-4316-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4316-1/"}]}]}, "cveMetadata": {"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2019-11038", "datePublished": "2019-06-18T23:28:28.236592Z", "dateReserved": "2019-04-09T00:00:00", "dateUpdated": "2024-09-16T21:04:15.889Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "C257CC1C-BF6A-4125-AA61-9C2D09096084", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "56CFABDE-1BA0-42D1-B38E-A08F27B2BF16", "versionEndExcluding": "7.1.30", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "2537B4A2-025F-4641-AFCF-82E492378C12", "versionEndExcluding": "7.2.19", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "B91B8478-BF61-468E-A7CC-5F418DDF2EB6", "versionEndExcluding": "7.3.6", "versionStartIncluding": "7.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*", "matchCriteriaId": "55242557-663C-4870-A439-4C8FEEB69E7F", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:*:*:*:*", "matchCriteriaId": "55E8AB88-2347-497B-91DE-AF64E08ED8F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*", "matchCriteriaId": "29AE5751-3EA5-4056-8E79-16D8DCD248EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4:*:*:*:*:*:*", "matchCriteriaId": "227AB4E0-7CD4-4094-BAA4-E98DC5279C97", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*", "matchCriteriaId": "6C734CEC-64F2-4129-B52E-C81884B3AC9A", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp4:*:*:*:*:*:*", "matchCriteriaId": "282B31FD-C5BB-4D81-9F74-6670B42551D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*", "matchCriteriaId": "243B9B56-C744-4C1C-B42E-158C1B041B6A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."}, {"lang": "es", "value": "Cuando se usa la funci\u00f3n gdImageCreateFromXbm () en la Biblioteca de gr\u00e1ficos GD (tambi\u00e9n conocida como LibGD) 2.2.5, como se usa en la extensi\u00f3n PHP GD en las versiones de PHP 7.1.x debajo de 7.1.30, 7.2.x debajo de 7.2.19 y 7.3.x debajo 7.3.6, es posible suministrar datos que har\u00e1n que la funci\u00f3n use el valor de la variable no inicializada. Esto puede llevar a revelar el contenido de la pila que ha quedado all\u00ed por c\u00f3digo anterior."}], "id": "CVE-2019-11038", "lastModified": "2024-11-21T04:20:25.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security@php.net", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-19T00:15:12.360", "references": [{"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"}, {"source": "security@php.net", "tags": ["Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=77973"}, {"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"}, {"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"}, {"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"}, {"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"}, {"source": "security@php.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/issues/501"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"}, {"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4316-1/"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4316-2/"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3299"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=77973"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/libgd/libgd/issues/501"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/38"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4316-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4316-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4529"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-457"}], "source": "security@php.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:2519", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php71-php-0:7.1.30-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-08-19T00:00:00Z"}, {"advisory": "RHSA-2019:3299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php72-php-0:7.2.24-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:2519", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php71-php-0:7.1.30-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2019-08-19T00:00:00Z"}, {"advisory": "RHSA-2019:2519", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php71-php-0:7.1.30-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-08-19T00:00:00Z"}, {"advisory": "RHSA-2019:3299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php72-php-0:7.2.24-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:2519", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php71-php-0:7.1.30-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-08-19T00:00:00Z"}, {"advisory": "RHSA-2019:3299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php72-php-0:7.2.24-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-11-01T00:00:00Z"}, {"advisory": "RHSA-2019:3299", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php72-php-0:7.2.24-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2019-11-01T00:00:00Z"}], "bugzilla": {"description": "gd: Information disclosure in gdImageCreateFromXbm()", "id": "1724149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."], "name": "CVE-2019-11038", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:7.2/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Fix deferred", "package_name": "rh-php70-php", "product_name": "Red Hat Software Collections"}], "public_date": "2019-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11038\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11038"], "statement": "In order to successfully exploit this vulnerability, the following prerequisites must be fulfilled:\n* An attacker needs to supply a maliciously crafted XBM image designed to exploit the uninitialized variable in the gdImageCreateFromXbm() function.\n* The application or service must accept and process XBM images using the vulnerable gdImageCreateFromXbm() function.\n* User interaction is required to process the malicious XBM file.\nIt's important to note that successful exploitation requires that the application processes untrusted XBM image data using the vulnerable function. As this is not common practice, RH ProdSec has set the Impact of this vulnerability to \"Low\"", "threat_severity": "Low", "upstream_fix": "php 7.1.30, php 7.2.19, php 7.3.6"}