CVE-2019-11038 (GCVE-0-2019-11038)
Vulnerability from cvelistv5
Published
2019-06-18 23:28
Modified
2024-09-16 21:04
Severity ?
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE
  • CWE-457 - Use of Uninitialized Variable
Summary
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
References
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/ vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/ vendor-advisory, x_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html mailing-list, x_refsource_MLIST
https://bugs.php.net/bug.php?id=77973 x_refsource_CONFIRM
https://github.com/libgd/libgd/issues/501 x_refsource_CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821 x_refsource_CONFIRM
https://bugzilla.suse.com/show_bug.cgi?id=1140118 x_refsource_CONFIRM
https://bugzilla.suse.com/show_bug.cgi?id=1140120 x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1724149 x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1724432 x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:2519 vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4529 vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Sep/38 mailing-list, x_refsource_BUGTRAQ
https://access.redhat.com/errata/RHSA-2019:3299 vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html vendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/ vendor-advisory, x_refsource_FEDORA
https://usn.ubuntu.com/4316-2/ vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4316-1/ vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version
PHP Group PHP Version: 7.1.x < 7.1.30
Version: 7.2.x < 7.2.19
Version: 7.3.x < 7.3.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2019-be4f895015",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"
          },
          {
            "name": "FEDORA-2019-8c4b25b5ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"
          },
          {
            "name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=77973"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/libgd/libgd/issues/501"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"
          },
          {
            "name": "RHSA-2019:2519",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2519"
          },
          {
            "name": "DSA-4529",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4529"
          },
          {
            "name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/38"
          },
          {
            "name": "RHSA-2019:3299",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3299"
          },
          {
            "name": "openSUSE-SU-2020:0332",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
          },
          {
            "name": "FEDORA-2020-e795f92d79",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
          },
          {
            "name": "USN-4316-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4316-2/"
          },
          {
            "name": "USN-4316-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4316-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.x \u003c 7.1.30"
            },
            {
              "status": "affected",
              "version": "7.2.x \u003c 7.2.19"
            },
            {
              "status": "affected",
              "version": "7.3.x \u003c 7.3.6"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "By chamal dot desilva at gmail dot com"
        }
      ],
      "datePublic": "2019-05-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "CWE-457: Use of Uninitialized Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-08T01:06:06.000Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "name": "FEDORA-2019-be4f895015",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"
        },
        {
          "name": "FEDORA-2019-8c4b25b5ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"
        },
        {
          "name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=77973"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/libgd/libgd/issues/501"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"
        },
        {
          "name": "RHSA-2019:2519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2519"
        },
        {
          "name": "DSA-4529",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4529"
        },
        {
          "name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/38"
        },
        {
          "name": "RHSA-2019:3299",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3299"
        },
        {
          "name": "openSUSE-SU-2020:0332",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
        },
        {
          "name": "FEDORA-2020-e795f92d79",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
        },
        {
          "name": "USN-4316-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4316-2/"
        },
        {
          "name": "USN-4316-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4316-1/"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=77973"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Uninitialized read in gdImageCreateFromXbm",
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2019-05-28T06:49:00.000Z",
          "ID": "CVE-2019-11038",
          "STATE": "PUBLIC",
          "TITLE": "Uninitialized read in gdImageCreateFromXbm"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.1.x \u003c 7.1.30"
                          },
                          {
                            "version_value": "7.2.x \u003c 7.2.19"
                          },
                          {
                            "version_value": "7.3.x \u003c 7.3.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "By chamal dot desilva at gmail dot com"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-457: Use of Uninitialized Variable"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2019-be4f895015",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"
            },
            {
              "name": "FEDORA-2019-8c4b25b5ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"
            },
            {
              "name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=77973",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=77973"
            },
            {
              "name": "https://github.com/libgd/libgd/issues/501",
              "refsource": "CONFIRM",
              "url": "https://github.com/libgd/libgd/issues/501"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1140118",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1140120",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"
            },
            {
              "name": "RHSA-2019:2519",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2519"
            },
            {
              "name": "DSA-4529",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4529"
            },
            {
              "name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/38"
            },
            {
              "name": "RHSA-2019:3299",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3299"
            },
            {
              "name": "openSUSE-SU-2020:0332",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
            },
            {
              "name": "FEDORA-2020-e795f92d79",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
            },
            {
              "name": "USN-4316-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4316-2/"
            },
            {
              "name": "USN-4316-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4316-1/"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [
            "https://bugs.php.net/bug.php?id=77973"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2019-11038",
    "datePublished": "2019-06-18T23:28:28.236Z",
    "dateReserved": "2019-04-09T00:00:00.000Z",
    "dateUpdated": "2024-09-16T21:04:15.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.