漏洞信息详情

GD Graphics Library 缓冲区错误漏洞

  • CNNVD编号:CNNVD-201901-920
  • 危害等级: 高危
  • CVE编号: CVE-2019-6977
  • 漏洞类型: 缓冲区错误
  • 发布时间: 2019-01-28
  • 威胁类型: 远程
  • 更新时间: 2020-11-05
  • 厂        商:
  • 漏洞来源: Ubuntu,sscannell,R...

漏洞简介

GD Graphics Library(libgd或libgd2)是美国Thomas Boutell软件开发者的一个开源的用于动态创建图像的库。该产品支持创建图表、图形和缩略图等。

GD Graphics Library 2.2.5版本中的gd_color_match.c文件的‘gdImageColorMatch’函数存在基于堆的缓冲区溢出漏洞。攻击者可利用该漏洞执行代码或造成拒绝服务。以下产品和版本受到影响:PHP 5.6.40之前的版本,7.1.26之前的7.x版本,7.2.14之前的7.2.x版本,7.3.1之前的7.3.x版本。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

参考网址

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:2519

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html

来源:UBUNTU

链接:https://usn.ubuntu.com/3900-1/

来源:GENTOO

链接:https://security.gentoo.org/glsa/201903-18

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html

来源:MISC

链接:https://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html

来源:BID

链接:http://www.securityfocus.com/bid/106731

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/

来源:EXPLOIT-DB

链接:https://www.exploit-db.com/exploits/46677/

来源:BID

链接:https://www.securityfocus.com/bid/106731

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:3299

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/

来源:MISC

链接:http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html

来源:MISC

链接:https://bugs.php.net/bug.php?id=77270

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20190315-0003/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/

来源:MISC

链接:http://php.net/ChangeLog-7.php

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/

来源:DEBIAN

链接:https://www.debian.org/security/2019/dsa-4384

来源:MISC

链接:http://php.net/ChangeLog-5.php

来源:https://www.suse.com/support/update/announcement/2019/suse-su-201913961-1.html

链接:无

来源:www.suse.com

链接:https://www.suse.com/support/update/announcement/2019/suse-su-20190747-1.html

来源:www.ubuntu.com

链接:http://www.ubuntu.com/usn/usn-3900-1

来源:www.securityfocus.com

链接:http://www.securityfocus.com/bid/106731

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/152271/Gentoo-Linux-Security-Advisory-201903-18.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-php/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/77890

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/75654

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/151903/Ubuntu-Security-Notice-USN-3900-1.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/76298

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/LibGD-buffer-overflow-via-gdImageColorMatch-28866

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159868/Red-Hat-Security-Advisory-2020-4659-01.html

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/1170424

受影响实体

    暂无


漏洞信息快速查询

相关漏洞

更多