CVE-2019-11925
9.8CRITICALInsufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue aff
Published: 9/6/2019Updated: 11/21/2024
Description
Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.
AI AnalysisPowered by AI
Affected Products
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
4.19.0
References
- https://github.com/facebook/hhvm/commit/f1cd34e63c2a0d9702be3d41462db7bfd0ae7da3Patch
- https://hhvm.com/blog/2019/09/03/security-update.htmlThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2019-11925Vendor Advisory
- https://github.com/facebook/hhvm/commit/f1cd34e63c2a0d9702be3d41462db7bfd0ae7da3Patch
- https://hhvm.com/blog/2019/09/03/security-update.htmlThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2019-11925Vendor Advisory