|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-08-26 | |
| Rule Name: | GD Graphics Library GDimagecolormatch Heap Overflow Vulnerability (CVE-2019-6977) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | SecurityFocusBID:106731 ExploitDB:46677 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://php.net/ChangeLog-5.php |