CVE-2019-6977

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-6977

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6977.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-6977

Downstream

ALPINE-CVE-2019-6977

DEBIAN-CVE-2019-6977

DLA-1651-1

DLA-1679-1

DSA-4384-1

RHSA-2019:2519

RHSA-2019:3299

RHSA-2020:4659

SUSE-SU-2019:0333-1

SUSE-SU-2019:0449-1

SUSE-SU-2019:0747-1

SUSE-SU-2019:0771-1

SUSE-SU-2019:13961-1

UBUNTU-CVE-2019-6977

USN-3900-1

openSUSE-SU-2019:1148-1

openSUSE-SU-2024:10777-1

openSUSE-SU-2024:11852-1

Related

Published

2019-01-27T02:29:00Z

Modified

2025-10-14T17:05:26.826097Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4b8f72da5dfb201af4e82dee960261d8657e414f

Affected versions

Other

NEWS

NEWS-cvs2svn

php-5.*

php-5.3.23RC1

php-5.3.29

php-5.3.29RC1

php-5.4.30RC1

php-5.4.32RC1

php-5.4.4RC2

php-5.5.24RC1

php-5.6.18RC1

php-5.6.19RC1

php-5.6.22RC1

php-5.6.23RC1

php-5.6.24RC1