What is CVE-2019-6977?

CVE-2019-6977 is a vulnerability in N/a. Published 2019-01-27.

Is CVE-2019-6977 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-6977

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overf…

EPSS: 0.879 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

106731 (vdb-entry, x_refsource_BID)
security.netapp.com/advisory/ntap-20190315-0003/ (x_refsource_CONFIRM)
php.net/ChangeLog-5.php (x_refsource_MISC)
php.net/ChangeLog-7.php (x_refsource_MISC)
USN-3900-1 (vendor-advisory, x_refsource_UBUNTU)
[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update (mailing-list, x_refsource_MLIST)
bugs.php.net/bug.php (x_refsource_MISC)
DSA-4384 (vendor-advisory, x_refsource_DEBIAN)
GLSA-201903-18 (vendor-advisory, x_refsource_GENTOO)
openSUSE-SU-2019:1148 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2019-6977?: CVE-2019-6977 is a vulnerability in N/a. Published 2019-01-27.
Is CVE-2019-6977 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.