exploitDog

CVE-2019-11926

Опубликовано: 06 сент. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.

Ссылки

https://github.com/facebook/hhvm/commit/f9680d21beaa9eb39d166e8810e29fbafa51ad15
Patch
Third Party Advisory
https://hhvm.com/blog/2019/09/03/security-update.html
Third Party Advisory
https://www.facebook.com/security/advisories/cve-2019-11926
Vendor Advisory
https://github.com/facebook/hhvm/commit/f9680d21beaa9eb39d166e8810e29fbafa51ad15
Patch
Third Party Advisory
https://hhvm.com/blog/2019/09/03/security-update.html
Third Party Advisory
https://www.facebook.com/security/advisories/cve-2019-11926
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия до 3.30.9 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.0.0 (включая) до 4.8.3 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.9.0 (включая) до 4.15.2 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.16.0 (включая) до 4.16.3 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.17.0 (включая) до 4.17.2 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.18.0 (включая) до 4.18.1 (включая)

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*

Версия от 4.20.0 (включая) до 4.20.1 (включая)

cpe:2.3:a:facebook:hhvm:4.19.0:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00974

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119

CWE-125

Связанные уязвимости

CVE-2019-11926

CVSS3: 9.8

ubuntu

больше 6 лет назад

Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.

CVE-2019-11926

CVSS3: 9.8

debian

больше 6 лет назад

Insufficient boundary checks when processing M_SOFx markers from JPEG ...

GHSA-rjfc-697q-4r5p

CVSS3: 9.8

github

больше 3 лет назад

Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.

EPSS

Процентиль: 76%

0.00974

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119

CWE-125