Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2019-11038

Published: August 31, 2023Last modified: August 31, 2023

Description

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.

Severity score breakdown

ParameterValue
Base score5.3
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityLOW
Integrity impactNONE
Availability impactNONE
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSgdNot affected (2.3.3-r3)
StreamgdNot affected (2.3.3-r7)

References

ON THIS PAGE