CVE-2019-6977 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-6977 PUBLISHED

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

EPSS 86.30% · 99.4th percentile

Risk Scores

EPSS Score

86.30%

99.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	libgd2	0, 2.1.1-4ubuntu0.16.04.10, 2.1.1-4ubuntu0.16.04.8
Ubuntu:18.04:LTS	libgd2	2.2.5-4ubuntu0.2, 0, 2.2.5-3
Ubuntu:14.04:LTS	libgd2	2.1.0-3ubuntu0.6, 2.1.0-3ubuntu0.5, 2.1.0-3ubuntu0.3

Timeline

CVE Published
Apr 9, 2019 PoC Published
Sep 11, 2019 PoC Published
Oct 10, 2020 PoC Published
Apr 14, 2021 EPSS Score
Mar 7, 2023 EPSS Score
May 7, 2023 EPSS Score
Jul 9, 2023 EPSS Score
Aug 9, 2023 EPSS Score
Jan 5, 2024 EPSS Score
Mar 15, 2024 EPSS Score
May 7, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2019-6977 third-party-advisory
http://php.net/ChangeLog-5.php third-party-advisory
http://php.net/ChangeLog-7.php third-party-advisory
https://ubuntu.com/security/notices/USN-3900-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2019-6977 third-party-advisory

Open in Interactive Console →