CVE-2019-11038
Description
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of an uninitialized variable. This may lead to disclosure of stack contents that were left there by previous code.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
10.719
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| php7.0 security update(DSA-4529-1) php7.0_7.0.33-0+deb9u5_all.deb | Linux |
| SUSE-SU-2020:0623-1(SUSE Linux Enterprise Desktop 12-SP4 ) gd-2.1.0-24.17.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0623-1(SUSE Linux Enterprise Desktop 12-SP4 ) gd-32bit-2.1.0-24.17.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0623-1(SUSE Linux Enterprise Desktop 12-SP4 ) gd-debuginfo-2.1.0-24.17.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0623-1(SUSE Linux Enterprise Desktop 12-SP4 ) gd-debuginfo-32bit-2.1.0-24.17.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0623-1(SUSE Linux Enterprise Desktop 12-SP4 ) gd-debugsource-2.1.0-24.17.1.x86_64.rpm | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd3_2.2.5-4ubuntu0.4_i386.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd3_2.2.5-4ubuntu0.4_amd64.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd3_2.1.1-4ubuntu0.16.04.12_i386.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd3_2.1.1-4ubuntu0.16.04.12_amd64.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd3_2.2.5-5.2ubuntu0.19.10.1_i386.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd3_2.2.5-5.2ubuntu0.19.10.1_amd64.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd-tools_2.2.5-4ubuntu0.4_i386.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd-tools_2.2.5-4ubuntu0.4_amd64.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd-tools_2.1.1-4ubuntu0.16.04.12_i386.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd-tools_2.1.1-4ubuntu0.16.04.12_amd64.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd-tools_2.2.5-5.2ubuntu0.19.10.1_i386.deb | Linux |
| Open source code library for the dynamic creation of images (USN-4316-1) libgd-tools_2.2.5-5.2ubuntu0.19.10.1_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234