VDB
DEBIAN-CVE-2019-11038
DEBIAN-CVE-2019-11038
PUBLISHED
CVSS 5.300000190734863 MEDIUM
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | libgd2 | 0, 0, 0 |
| Debian:11 | libgd2 | 0, 0, 0 |
| Debian:12 | libgd2 | 0, 0, 0 |
| Debian:13 | libgd2 | 0, 0, 0 |
Timeline
- Jun 19, 2019 CVE Published
- Apr 28, 2026 CVE Updated