CVE-2019-11926
06.09.2019, 19:15
Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.Enginsight
| Vendor | Product | Version |
|---|---|---|
| hhvm | 𝑥 ≤ 3.30.9 | |
| hhvm | 4.0.0 ≤ 𝑥 ≤ 4.8.3 | |
| hhvm | 4.9.0 ≤ 𝑥 ≤ 4.15.2 | |
| hhvm | 4.16.0 ≤ 𝑥 ≤ 4.16.3 | |
| hhvm | 4.17.0 ≤ 𝑥 ≤ 4.17.2 | |
| hhvm | 4.18.0 ≤ 𝑥 ≤ 4.18.1 | |
| hhvm | 4.20.0 ≤ 𝑥 ≤ 4.20.1 | |
| hhvm | 4.19.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.
References