exploitDog

CVE-2019-11925

Опубликовано: 06 сент. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.

Ссылки

https://github.com/facebook/hhvm/commit/f1cd34e63c2a0d9702be3d41462db7bfd0ae7da3
Patch
https://hhvm.com/blog/2019/09/03/security-update.html
Third Party Advisory
https://www.facebook.com/security/advisories/cve-2019-11925
Vendor Advisory
https://github.com/facebook/hhvm/commit/f1cd34e63c2a0d9702be3d41462db7bfd0ae7da3
Patch
https://hhvm.com/blog/2019/09/03/security-update.html
Third Party Advisory
https://www.facebook.com/security/advisories/cve-2019-11925
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия до 3.30.9 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.0.0 (включая) до 4.8.3 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.9.0 (включая) до 4.15.2 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.16.0 (включая) до 4.16.3 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.17.0 (включая) до 4.17.2 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.18.0 (включая) до 4.18.1 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.20.0 (включая) до 4.20.1 (включая)

cpe:2.3:a:facebook:hhvm:4.19.0:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00974

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119

CWE-125

Связанные уязвимости

CVE-2019-11925

CVSS3: 9.8

ubuntu

больше 6 лет назад

Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.

CVE-2019-11925

CVSS3: 9.8

debian

больше 6 лет назад

Insufficient boundary checks when processing the JPEG APP12 block mark ...

GHSA-xm5g-27h5-6568

CVSS3: 9.8

github

больше 3 лет назад

Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.

EPSS

Процентиль: 76%

0.00974

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119

CWE-125