Wind River Support Network

HomeDefectsLIN7-11082
Fixed

LIN7-11082 : Security Advisory - php - CVE-2019-11038

Created: Jun 19, 2019    Updated: Jul 26, 2019
Resolved Date: Jul 26, 2019
Found In Version: 7.0.0.1
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

When using gdImageCreateFromXbm() function of gd extension in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.

CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2019-11038 User=admin}

CVEs


Live chat
Online