CVE-2019-11926

Source
https://cve.org/CVERecord?id=CVE-2019-11926
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11926.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11926
Published
2019-09-06T19:15:11.607Z
Modified
2026-04-11T08:05:30.010626Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.

Affected packages

Git / github.com/facebook/hhvm

Affected ranges

Type
GIT
Repo
https://github.com/facebook/hhvm
Events
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.30.9"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.8.3"
        },
        {
            "introduced": "4.9.0"
        },
        {
            "last_affected": "4.15.2"
        },
        {
            "introduced": "4.16.0"
        },
        {
            "last_affected": "4.16.3"
        },
        {
            "introduced": "4.17.0"
        },
        {
            "last_affected": "4.17.2"
        },
        {
            "introduced": "4.18.0"
        },
        {
            "last_affected": "4.18.1"
        },
        {
            "introduced": "4.20.0"
        },
        {
            "last_affected": "4.20.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.19.0"
        }
    ]
}

Affected versions

HHVM-3.*
HHVM-3.30.0
HHVM-3.30.1
HHVM-3.30.2
HHVM-3.30.3
HHVM-3.30.4
HHVM-3.30.5
HHVM-3.30.6
HHVM-3.30.7
HHVM-3.30.8
HHVM-3.30.9
HHVM-4.*
HHVM-4.15.0
HHVM-4.15.1
HHVM-4.15.2
HHVM-4.16.0
HHVM-4.16.1
HHVM-4.16.2
HHVM-4.16.3
HHVM-4.17.0
HHVM-4.17.1
HHVM-4.17.2
HHVM-4.18.0
HHVM-4.18.1
HHVM-4.19.0
HHVM-4.20.0
HHVM-4.20.1
HHVM-4.8.0
HHVM-4.8.1
HHVM-4.8.2
HHVM-4.8.3
HPHP-2.*
HPHP-2.1.0
gcc-4.*
gcc-4.6
nightly-2019.*
nightly-2019.03.28
nightly-2019.03.29
nightly-2019.03.30
nightly-2019.03.31
nightly-2019.04.01
nightly-2019.04.02
nightly-2019.04.03
nightly-2019.04.04
nightly-2019.04.05
nightly-2019.04.06
nightly-2019.04.07
nightly-2019.04.08
nightly-2019.04.09
nightly-2019.04.10
nightly-2019.04.11
nightly-2019.04.12
nightly-2019.04.13
nightly-2019.04.14
nightly-2019.04.15
nightly-2019.04.16
nightly-2019.04.17
nightly-2019.04.18
nightly-2019.04.19
nightly-2019.04.20
nightly-2019.04.21
nightly-2019.04.22
nightly-2019.04.23
nightly-2019.04.24
nightly-2019.04.25
nightly-2019.04.26
nightly-2019.04.27
nightly-2019.04.28
nightly-2019.04.29
nightly-2019.04.30
nightly-2019.05.01
nightly-2019.05.02
nightly-2019.05.03
nightly-2019.05.04
nightly-2019.05.05
nightly-2019.05.06
nightly-2019.05.07
nightly-2019.05.08
nightly-2019.05.09
nightly-2019.05.10
nightly-2019.05.11
nightly-2019.05.12
nightly-2019.05.13
nightly-2019.05.14
nightly-2019.05.15
nightly-2019.05.16
nightly-2019.05.17
nightly-2019.05.18
nightly-2019.05.19
nightly-2019.05.20
nightly-2019.05.21
nightly-2019.05.22
nightly-2019.05.23
nightly-2019.05.24
nightly-2019.05.25
nightly-2019.05.26
nightly-2019.05.27
nightly-2019.05.28
nightly-2019.05.29
nightly-2019.05.30
nightly-2019.05.31
nightly-2019.06.01
nightly-2019.06.02
nightly-2019.06.03
nightly-2019.06.04
nightly-2019.06.05
nightly-2019.06.06
nightly-2019.06.07
nightly-2019.06.08
nightly-2019.06.09
nightly-2019.06.10
nightly-2019.06.11
nightly-2019.06.12
nightly-2019.06.13
nightly-2019.06.14
nightly-2019.06.15
nightly-2019.06.16
nightly-2019.06.17
nightly-2019.06.18
nightly-2019.06.19
nightly-2019.06.20
nightly-2019.06.21
nightly-2019.06.22
nightly-2019.06.23
nightly-2019.06.24
nightly-2019.06.25
nightly-2019.06.26
nightly-2019.06.27
nightly-2019.06.28
nightly-2019.06.29
nightly-2019.06.30
nightly-2019.07.01
nightly-2019.07.02
nightly-2019.07.03
nightly-2019.07.04
nightly-2019.07.05
nightly-2019.07.06
nightly-2019.07.07
nightly-2019.07.08
nightly-2019.07.09
nightly-2019.07.10
nightly-2019.07.11
nightly-2019.07.12
nightly-2019.07.13
nightly-2019.07.14
nightly-2019.07.15
nightly-2019.07.16
nightly-2019.07.17
nightly-2019.07.18
nightly-2019.07.19
nightly-2019.07.20
nightly-2019.07.21
nightly-2019.07.22
nightly-2019.07.23
nightly-2019.07.24
nightly-2019.07.25
nightly-2019.07.26
nightly-2019.07.27
nightly-2019.07.28
nightly-2019.07.29
nightly-2019.07.30
nightly-2019.07.31
nightly-2019.08.01
nightly-2019.08.02
nightly-2019.08.03
nightly-2019.08.04
nightly-2019.08.05
nightly-2019.08.06
nightly-2019.08.07
nightly-2019.08.08
nightly-2019.08.09
nightly-2019.08.10
nightly-2019.08.11
nightly-2019.08.12
nightly-2019.08.13
nightly-2019.08.14
nightly-2019.08.15
nightly-2019.08.16
nightly-2019.08.17
nightly-2019.08.18
nightly-2019.08.19
nightly-2019.08.20
nightly-2019.08.21
nightly-2019.08.22
nightly-2019.08.23
nightly-2019.08.24
nightly-2019.08.25
nightly-2019.08.26
nightly-2019.08.27
nightly-2019.08.28
nightly-2019.08.29
nightly-2019.08.30
nightly-2019.08.31
nightly-2019.09.01
nightly-2019.09.02
nightly-2019.09.03
Other
pre-hhvm
src-hphp

Database specific

vanir_signatures_modified
"2026-04-11T08:05:30Z"
vanir_signatures
[
    {
        "id": "CVE-2019-11926-5d4c324a",
        "target": {
            "file": "hphp/runtime/ext/gd/ext_gd.cpp",
            "function": "exif_scan_JPEG_header"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "316722539573244679246418927392304391778",
            "length": 2877.0
        },
        "signature_type": "Function",
        "source": "https://github.com/facebook/hhvm/commit/f9680d21beaa9eb39d166e8810e29fbafa51ad15",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2019-11926-a250b1c0",
        "target": {
            "file": "hphp/runtime/ext/gd/ext_gd.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "93161239212344732520542401577881575199",
                "10468555372110612368705733563071099795",
                "286298927606354586499563092496189100601",
                "23178453850178771625514676618814683632"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/facebook/hhvm/commit/f9680d21beaa9eb39d166e8810e29fbafa51ad15",
        "signature_version": "v1"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11926.json"