CVE-2019-11038

Summary

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP7.1.x < 7.1.30affected
PHP GroupPHP7.2.x < 7.2.19affected
PHP GroupPHP7.3.x < 7.3.6affected

Weaknesses

  • CWE-457: CWE-457: Use of Uninitialized Variable

ADP Enrichment

CVE Program Container

Additional References

References