CVE-2019-11038
Severity
5.3MEDIUM
EPSS
10.5%
top 6.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 19
Latest updateMay 24
Description
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4
Affected Packages11 packages
Also affects: Debian Linux 8.0, 9.0, Fedora 29, 30, 32, Ubuntu Linux 14.04, 16.04, 18.04, 19.10, Enterprise Linux 7.0, 8.0