Vulnerability Change Records for CVE-2019-11038

Change History

CVE Modified by PHP Group 4/07/2020 10:15:11 PM

Action Type Old Value New Value
Added Reference
https://usn.ubuntu.com/4316-1/ [No Types Assigned]

CVE Modified by PHP Group 9/23/2019 7:15:10 AM

Action Type Old Value New Value
Added Reference
https://seclists.org/bugtraq/2019/Sep/38 [No Types Assigned]
Added Reference
https://www.debian.org/security/2019/dsa-4529 [No Types Assigned]

CVE Modified by PHP Group 3/30/2020 10:15:13 PM

Action Type Old Value New Value
Added Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/ [No Types Assigned]

CVE Modified by PHP Group 11/01/2019 12:15:12 PM

Action Type Old Value New Value
Added Reference
https://access.redhat.com/errata/RHSA-2019:3299 [No Types Assigned]

CVE Modified by PHP Group 4/03/2020 8:15:23 PM

Action Type Old Value New Value
Added Reference
https://usn.ubuntu.com/4316-2/ [No Types Assigned]

CVE Modified by PHP Group 10/09/2019 7:45:11 PM

Action Type Old Value New Value
Added CVSS V3
PHP Group AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Added CWE
PHP Group CWE-457

CVE Modified by PHP Group 3/11/2020 6:23:54 PM

Action Type Old Value New Value
Added Reference
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html [No Types Assigned]

CVE Modified by PHP Group 8/19/2019 7:15:15 AM

Action Type Old Value New Value
Added Reference
https://access.redhat.com/errata/RHSA-2019:2519 [No Types Assigned]

CVE Modified by PHP Group 8/15/2019 1:15:12 PM

Action Type Old Value New Value
Changed Description
Old Value: When using gdImageCreateFromXbm() function of PHP gd extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
New Value: When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
Added Reference
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821 [No Types Assigned]
Added Reference
https://bugzilla.redhat.com/show_bug.cgi?id=1724149 [No Types Assigned]
Added Reference
https://bugzilla.redhat.com/show_bug.cgi?id=1724432 [No Types Assigned]
Added Reference
https://bugzilla.suse.com/show_bug.cgi?id=1140118 [No Types Assigned]
Added Reference
https://bugzilla.suse.com/show_bug.cgi?id=1140120 [No Types Assigned]
Added Reference
https://github.com/libgd/libgd/issues/501 [No Types Assigned]
Added Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/ [No Types Assigned]
Added Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/ [No Types Assigned]

CVE Modified by PHP Group 8/15/2019 12:15:11 PM

Action Type Old Value New Value
Added Reference
https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html [No Types Assigned]

Initial Analysis 6/20/2019 9:6:49 AM

Action Type Old Value New Value
Added CPE Configuration
OR
     *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 7.1.0 up to (excluding) 7.1.30
     *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (excluding) 7.2.19
     *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 7.3.0 up to (excluding) 7.3.6
Added CVSS V2
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Added CVSS V3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Added CWE
CWE-20
Changed Reference Type
Old Value: https://bugs.php.net/bug.php?id=77973 No Types Assigned
New Value: https://bugs.php.net/bug.php?id=77973 Vendor Advisory