CVE-2019-6977

Priority
Description
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka
LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40,
7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a
heap-based buffer overflow. This can be exploited by an attacker who is
able to trigger imagecolormatch calls with crafted image data.
Notes
 mdeslaur> php uses the system libgd2
 mdeslaur> as of 2019-01-30, commit only in php, not in libgd2
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.1.0-3ubuntu0.11)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.1.1-4ubuntu0.16.04.11)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.2.5-4ubuntu0.3)
Ubuntu 18.10 (Cosmic Cuttlefish): released (2.2.5-4ubuntu1.1)
Ubuntu 19.04 (Disco Dingo): not-affected (2.2.5-5.1)
Patches:
Other: http://git.php.net/?p=php-src.git;a=commit;h=7a12dad4dd6c370835b13afae214b240082c7538
Other: http://git.php.net/?p=php-src.git;a=commit;h=a15af81b5f0058e020eda0f109f51a3c863f5212
Package
Source: php5
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (uses system gd)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (uses system gd)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system gd)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (uses system gd)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (uses system gd)
Ubuntu 19.04 (Disco Dingo): not-affected (uses system gd)
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): not-affected (uses system gd)
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=7a12dad4dd6c370835b13afae214b240082c7538
Updated: 2019-03-19 12:31:19 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)