Vulnerabilities > CVE-2019-11038 - Use of Uninitialized Resource vulnerability in multiple products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE

Summary

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of an uninitialized variable. This may lead to disclosure of stack contents left there by previous code.

Vulnerable Configurations

Part Description Count
Application
Libgd
1
Application
Php
178
Application
Suse
1
Application
Redhat
1
OS
Canonical
4
OS
Debian
2
OS
Fedoraproject
3
OS
Suse
7
OS
Opensuse
1
OS
Redhat
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2335.NASL
    descriptionAccording to the version of the gd package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.(CVE-2019-11038) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131500
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131500
    titleEulerOS Virtualization for ARM 64 3.0.3.0 : gd (EulerOS-SA-2019-2335)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the script only declares its
    # metadata and then exits (see exit(0) at the end of this block), so none of
    # the host checks further down run in this mode.
    if (description)
    {
      script_id(131500);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/10");
    
      # The single CVE this plugin reports on.
      script_cve_id(
        "CVE-2019-11038"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.3.0 : gd (EulerOS-SA-2019-2335)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the gd package installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerability :
    
      - When using the gdImageCreateFromXbm() function in the
        GD Graphics Library (aka LibGD) 2.2.5, as used in the
        PHP GD extension in PHP versions 7.1.x below 7.1.30,
        7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is
        possible to supply data that will cause the function to
        use the value of uninitialized variable. This may lead
        to disclosing contents of the stack that has been left
        there by previous code.(CVE-2019-11038)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2335
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ac89394c");
      script_set_attribute(attribute:"solution", value:
    "Update the affected gd package.");
      # Both base vectors describe a network-reachable issue needing no privileges
      # whose only impact is on confidentiality (C:P / C:L with I:N, A:N), i.e. an
      # information disclosure. The temporal vectors record exploitability as
      # unproven (E:U) with an official fix available (RL:OF / RL:O).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");
    
      # Registered as a "local" plugin: the verdict comes from the package list
      # stored in the KB (Host/EulerOS/rpm-list), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.3.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Declares the dependency script and the KB keys this plugin requires; the
      # same keys are read by the checks after this block.
      # NOTE(review): the keys are presumably populated by ssh_get_info.nasl during
      # a credentialed scan - confirm; without them the plugin yields no finding.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check: gate on scan prerequisites, OS, UVP version and architecture,
    # then compare the installed gd package with the fixed build. Every audit()
    # call below is an early exit with a "not applicable" reason, so the order of
    # the gates decides which reason the scan reports.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Only EulerOS hosts whose UVP version is exactly "3.0.3.0" are in scope, and
    # the collected rpm list must be present in the KB.
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.3.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.3.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate in two steps (`>!<` is NASL's "does not contain" test):
    # the first line rejects anything that is not x86_64, i386-i686 or aarch64 as
    # "not implemented"; the second then requires aarch64, so in effect only
    # aarch64 hosts reach the package comparison.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    # Counts the package references that rpm_check() flags.
    flag = 0;
    
    # Reference build of the fixed gd package for this advisory.
    # NOTE(review): only the system `gd` rpm is compared, so this is a version
    # check on the package inventory and does not exercise gdImageCreateFromXbm();
    # a copy of libgd bundled elsewhere (for example inside a PHP build) needs its
    # own check.
    pkgs = ["gd-2.2.5-3.h2.eulerosv2r8"];
    
    # NOTE(review): rpm_check() comes from rpm.inc; it presumably returns true when
    # the installed package is older than the reference - confirm against rpm.inc.
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      # At least one reference was flagged: report a warning-level finding on
      # port 0 and attach the rpm comparison report as evidence.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "package tested but not affected" from
      # "package not installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gd");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-332.NASL
    descriptionThis update for gd fixes the following issues : Security issue fixed : - CVE-2018-14553: Fixed a NULL pointer dereference in gdImageClone (bsc#1165471). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-03-18
    modified2020-03-11
    plugin id134398
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134398
    titleopenSUSE Security Update : gd (openSUSE-2020-332)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-332.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, the script only declares its
    # metadata and then exits (see exit(0) at the end of this block), so none of
    # the host checks further down run in this mode.
    if (description)
    {
      script_id(134398);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
    
      # Two CVEs are covered by the same package update.
      script_cve_id("CVE-2018-14553", "CVE-2019-11038");
    
      script_name(english:"openSUSE Security Update : gd (openSUSE-2020-332)");
      script_summary(english:"Check for the openSUSE-2020-332 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for gd fixes the following issues :
    
    Security issue fixed :
    
      - CVE-2018-14553: Fixed a NULL pointer dereference in
        gdImageClone (bsc#1165471).
    
      - CVE-2019-11038: Fixed a information disclosure in
        gdImageCreateFromXbm() (bsc#1140120).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1165471"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gd packages.");
      # The registered vectors describe a network-reachable issue needing no
      # privileges whose only impact is on confidentiality (C:P / C:L with I:N,
      # A:N); cvss_score_source below names CVE-2019-11038 as the CVE the score is
      # taken from. The temporal vectors record exploitability as unproven (E:U)
      # with an official fix available (RL:OF / RL:O).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11038");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Registered as a "local" plugin: the verdict comes from the package list
      # stored in the KB (Host/SuSE/rpm-list), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per package name compared in the host check, plus the OS release.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gd-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgd3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgd3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgd3-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgd3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      # The recorded dates put the distribution patch (2020/03/10) several months
      # after the vulnerability publication date (2019/06/19).
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # Declares the dependency script and the KB keys this plugin requires; the
      # same keys are read by the checks after this block.
      # NOTE(review): the keys are presumably populated by ssh_get_info.nasl during
      # a credentialed scan - confirm; without them the plugin yields no finding.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check: gate on scan prerequisites, OS release and architecture, then
    # compare the installed gd / libgd3 packages with the fixed builds. Every
    # audit() call below is an early exit with a "not applicable" reason, so the
    # order of the gates decides which reason the scan reports.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # A missing release, or one starting with SLED/SLES, is treated as "not
    # openSUSE"; after that only the exact release string "SUSE15.1" is accepted.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only i586, i686 and x86_64 hosts are checked; any other architecture exits.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # Counts the package references that rpm_check() flags.
    flag = 0;
    
    # One comparison per package shipped by the update, all against build
    # 2.2.5-lp151.6.6.1; the two 32bit packages carry an extra cpu:"x86_64"
    # argument.
    # NOTE(review): rpm_check() comes from rpm.inc; it presumably returns true when
    # the installed package is older than the reference - confirm against rpm.inc.
    # NOTE(review): this is a version check on the package inventory and does not
    # exercise gdImageCreateFromXbm(); a copy of libgd bundled elsewhere (for
    # example inside a PHP build) needs its own check.
    if ( rpm_check(release:"SUSE15.1", reference:"gd-2.2.5-lp151.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"gd-debuginfo-2.2.5-lp151.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"gd-debugsource-2.2.5-lp151.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"gd-devel-2.2.5-lp151.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libgd3-2.2.5-lp151.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libgd3-debuginfo-2.2.5-lp151.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libgd3-32bit-2.2.5-lp151.6.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libgd3-32bit-debuginfo-2.2.5-lp151.6.6.1") ) flag++;
    
    if (flag)
    {
      # At least one reference was flagged: raise a warning on port 0. The rpm
      # comparison report is attached only when report_verbosity is above 0.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages tested but not affected" from
      # "packages not installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gd / gd-debuginfo / gd-debugsource / gd-devel / libgd3 / etc");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2020-083-01.NASL
    descriptionNew gd packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-03-26
    modified2020-03-24
    plugin id134850
    published2020-03-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134850
    titleSlackware 14.2 / current : gd (SSA:2020-083-01)
  • NASL familyCGI abuses
    NASL idPHP_7_1_30.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.30. It is, therefore, affected by the following vulnerabilities: - An uninitialized variable vulnerability exists in gdImageCreateFromXbm due to the sscanf call not being able to read a hex value. An attacker may be able to exploit this issue to cause the disclosure of sensitive information. (CVE-2019-11038) - An out-of-bounds read vulnerability exists in iconv.c:_php_iconv_mime_decode() due to an integer overflow. An attacker may be able to exploit this issue to cause the disclosure of sensitive information. (CVE-2019-11039) - A heap-based buffer overflow condition exists in php_jpg_get16. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-11040)
    last seen2020-06-01
    modified2020-06-02
    plugin id125640
    published2019-05-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125640
    titlePHP 7.1.x < 7.1.30 Multiple Vulnerabilities.
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-BE4F895015.NASL
    description**PHP version 7.3.6** (30 May 2019) **cURL:** - Implemented FR php#72189 (Add missing CURL_VERSION_* constants). (Javier Spagnoletti) **EXIF:** - Fixed bug php#77988 (heap-buffer-overflow on php_jpg_get16). (CVE-2019-11040) (Stas) **FPM:** - Fixed bug php#77934 (php-fpm kill -USR2 not working). (Jakub Zelenka) - Fixed bug php#77921 (static.php.net doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id125747
    published2019-06-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125747
    titleFedora 30 : php (2019-be4f895015)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-8C4B25B5EC.NASL
    description**PHP version 7.2.19** (30 May 2019) **EXIF:** - Fixed bug php#77988 (heap-buffer-overflow on php_jpg_get16). (CVE-2019-11040) (Stas) **FPM:** - Fixed bug php#77934 (php-fpm kill -USR2 not working). (Jakub Zelenka) - Fixed bug php#77921 (static.php.net doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id125787
    published2019-06-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125787
    titleFedora 29 : php (2019-8c4b25b5ec)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4529.NASL
    descriptionMultiple security issues were found in PHP, a widely-used open source general purpose scripting language: Missing sanitising in the EXIF extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id129107
    published2019-09-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129107
    titleDebian DSA-4529-1 : php7.0 - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0623-1.NASL
    descriptionThis update for gd fixes the following issues : CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241). CVE-2018-14553: Fixed a NULL pointer dereference in gdImageClone() (bsc#1165471). CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-03-10
    plugin id134366
    published2020-03-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134366
    titleSUSE SLED12 / SLES12 Security Update : gd (SUSE-SU-2020:0623-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1817.NASL
    descriptionAn uninitialized read was discovered in the XBM support of libgd2, a library for programmatic graphics creation and manipulation. The uninitialized read might lead to information disclosure. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125837
    published2019-06-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125837
    titleDebian DLA-1817-1 : libgd2 security update
  • NASL familyCGI abuses
    NASL idPHP_7_3_6.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.6. It is, therefore, affected by the following vulnerabilities: - An uninitialized variable vulnerability exists in gdImageCreateFromXbm due to the sscanf call not being able to read a hex value. An attacker may be able to exploit this issue to cause the disclosure of sensitive information. (CVE-2019-11038) - An out-of-bounds read vulnerability exists in iconv.c:_php_iconv_mime_decode() due to an integer overflow. An attacker may be able to exploit this issue to cause the disclosure of sensitive information. (CVE-2019-11039) - A heap-based buffer overflow condition exists in php_jpg_get16. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-11040)
    last seen2020-06-01
    modified2020-06-02
    plugin id125681
    published2019-06-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125681
    titlePHP 7.3.x < 7.3.6 Multiple Vulnerabilities.
  • NASL familyCGI abuses
    NASL idPHP_7_2_19.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.19. It is, therefore, affected by the following vulnerabilities: - An uninitialized variable vulnerability exists in gdImageCreateFromXbm due to the sscanf call not being able to read a hex value. An attacker may be able to exploit this issue to cause the disclosure of sensitive information. (CVE-2019-11038) - An out-of-bounds read vulnerability exists in iconv.c:_php_iconv_mime_decode() due to an integer overflow. An attacker may be able to exploit this issue to cause the disclosure of sensitive information. (CVE-2019-11039) - A heap-based buffer overflow condition exists in php_jpg_get16. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-11040)
    last seen2020-06-01
    modified2020-06-02
    plugin id125639
    published2019-05-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125639
    titlePHP 7.2.x < 7.2.19 Multiple Vulnerabilities.
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1240.NASL
    descriptionFunction iconv_mime_decode_headers() in PHP may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.(CVE-2019-11039) When using gdImageCreateFromXbm() function of PHP gd extension, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. (CVE-2019-11038) When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. (CVE-2019-11040)
    last seen2020-06-01
    modified2020-06-02
    plugin id127068
    published2019-07-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127068
    titleAmazon Linux AMI : php71 / php72,php73 (ALAS-2019-1240)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0594-1.NASL
    descriptionThis update for gd fixes the following issues : Security issue fixed : CVE-2018-14553: Fixed a NULL pointer dereference in gdImageClone (bsc#1165471). CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-03-06
    plugin id134297
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134297
    titleSUSE SLED15 / SLES15 Security Update : gd (SUSE-SU-2020:0594-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2074.NASL
    descriptionAccording to the version of the gd package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.(CVE-2019-11038) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-09-30
    plugin id129433
    published2019-09-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129433
    titleEulerOS 2.0 SP8 : gd (EulerOS-SA-2019-2074)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2243-1.NASL
    descriptionThis update for php7 fixes the following issues : Security issues fixed : CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140118). CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128317
    published2019-08-29
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128317
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2019:2243-1)

Redhat

advisories
  • rhsa
    idRHSA-2019:2519
  • rhsa
    idRHSA-2019:3299
rpms
  • rh-php71-php-0:7.1.30-1.el7
  • rh-php71-php-bcmath-0:7.1.30-1.el7
  • rh-php71-php-cli-0:7.1.30-1.el7
  • rh-php71-php-common-0:7.1.30-1.el7
  • rh-php71-php-dba-0:7.1.30-1.el7
  • rh-php71-php-dbg-0:7.1.30-1.el7
  • rh-php71-php-debuginfo-0:7.1.30-1.el7
  • rh-php71-php-devel-0:7.1.30-1.el7
  • rh-php71-php-embedded-0:7.1.30-1.el7
  • rh-php71-php-enchant-0:7.1.30-1.el7
  • rh-php71-php-fpm-0:7.1.30-1.el7
  • rh-php71-php-gd-0:7.1.30-1.el7
  • rh-php71-php-gmp-0:7.1.30-1.el7
  • rh-php71-php-intl-0:7.1.30-1.el7
  • rh-php71-php-json-0:7.1.30-1.el7
  • rh-php71-php-ldap-0:7.1.30-1.el7
  • rh-php71-php-mbstring-0:7.1.30-1.el7
  • rh-php71-php-mysqlnd-0:7.1.30-1.el7
  • rh-php71-php-odbc-0:7.1.30-1.el7
  • rh-php71-php-opcache-0:7.1.30-1.el7
  • rh-php71-php-pdo-0:7.1.30-1.el7
  • rh-php71-php-pgsql-0:7.1.30-1.el7
  • rh-php71-php-process-0:7.1.30-1.el7
  • rh-php71-php-pspell-0:7.1.30-1.el7
  • rh-php71-php-recode-0:7.1.30-1.el7
  • rh-php71-php-snmp-0:7.1.30-1.el7
  • rh-php71-php-soap-0:7.1.30-1.el7
  • rh-php71-php-xml-0:7.1.30-1.el7
  • rh-php71-php-xmlrpc-0:7.1.30-1.el7
  • rh-php71-php-zip-0:7.1.30-1.el7
  • rh-php72-php-0:7.2.24-1.el7
  • rh-php72-php-bcmath-0:7.2.24-1.el7
  • rh-php72-php-cli-0:7.2.24-1.el7
  • rh-php72-php-common-0:7.2.24-1.el7
  • rh-php72-php-dba-0:7.2.24-1.el7
  • rh-php72-php-dbg-0:7.2.24-1.el7
  • rh-php72-php-debuginfo-0:7.2.24-1.el7
  • rh-php72-php-devel-0:7.2.24-1.el7
  • rh-php72-php-embedded-0:7.2.24-1.el7
  • rh-php72-php-enchant-0:7.2.24-1.el7
  • rh-php72-php-fpm-0:7.2.24-1.el7
  • rh-php72-php-gd-0:7.2.24-1.el7
  • rh-php72-php-gmp-0:7.2.24-1.el7
  • rh-php72-php-intl-0:7.2.24-1.el7
  • rh-php72-php-json-0:7.2.24-1.el7
  • rh-php72-php-ldap-0:7.2.24-1.el7
  • rh-php72-php-mbstring-0:7.2.24-1.el7
  • rh-php72-php-mysqlnd-0:7.2.24-1.el7
  • rh-php72-php-odbc-0:7.2.24-1.el7
  • rh-php72-php-opcache-0:7.2.24-1.el7
  • rh-php72-php-pdo-0:7.2.24-1.el7
  • rh-php72-php-pgsql-0:7.2.24-1.el7
  • rh-php72-php-process-0:7.2.24-1.el7
  • rh-php72-php-pspell-0:7.2.24-1.el7
  • rh-php72-php-recode-0:7.2.24-1.el7
  • rh-php72-php-snmp-0:7.2.24-1.el7
  • rh-php72-php-soap-0:7.2.24-1.el7
  • rh-php72-php-xml-0:7.2.24-1.el7
  • rh-php72-php-xmlrpc-0:7.2.24-1.el7
  • rh-php72-php-zip-0:7.2.24-1.el7

References