{ "threat_severity" : "Low", "public_date" : "2019-06-18T00:00:00Z", "bugzilla" : { "description" : "gd: Information disclosure in gdImageCreateFromXbm()", "id" : "1724149", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1724149" }, "cvss3" : { "cvss3_base_score" : "3.3", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-200", "details" : [ "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code." ], "statement" : "In order to successfully exploit this vulnerability, the following prerequisites must be fulfilled:\n* An attacker needs to supply a maliciously crafted XBM image designed to exploit the uninitialized variable in the gdImageCreateFromXbm() function.\n* The application or service must accept and process XBM images using the vulnerable gdImageCreateFromXbm() function.\n* User interaction is required to process the malicious XBM file.\nIt's important to note that successful exploitation requires that the application processes untrusted XBM image data using the vulnerable function. As this is not common practice, RH ProdSec has set the Impact of this vulnerability to \"Low\"", "affected_release" : [ { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2019-08-19T00:00:00Z", "advisory" : "RHSA-2019:2519", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php71-php-0:7.1.30-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2019-11-01T00:00:00Z", "advisory" : "RHSA-2019:3299", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php72-php-0:7.2.24-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date" : "2019-08-19T00:00:00Z", "advisory" : "RHSA-2019:2519", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php71-php-0:7.1.30-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date" : "2019-08-19T00:00:00Z", "advisory" : "RHSA-2019:2519", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php71-php-0:7.1.30-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date" : "2019-11-01T00:00:00Z", "advisory" : "RHSA-2019:3299", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php72-php-0:7.2.24-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2019-08-19T00:00:00Z", "advisory" : "RHSA-2019:2519", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php71-php-0:7.1.30-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2019-11-01T00:00:00Z", "advisory" : "RHSA-2019:3299", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php72-php-0:7.2.24-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date" : "2019-11-01T00:00:00Z", "advisory" : "RHSA-2019:3299", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php72-php-0:7.2.24-1.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "gd", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "php53", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "gd", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "gd", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "gd", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "php:7.2/php", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Fix deferred", "package_name" : "rh-php70-php", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-11038\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11038" ], "name" : "CVE-2019-11038", "csaw" : false }