CVE-2019-11925
Last modified
CVE-2019-11925 is a vulnerability of currently unknown severity. Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.. EPSS estimates a 2.08% chance of exploitation in the next 30 days.
Description
Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hhvm | <= 3.30.9 | |
| Hhvm | >= 4.0.0, <= 4.8.3 | |
| Hhvm | >= 4.9.0, <= 4.15.2 | |
| Hhvm | >= 4.16.0, <= 4.16.3 | |
| Hhvm | >= 4.17.0, <= 4.17.2 | |
| Hhvm | >= 4.18.0, <= 4.18.1 | |
| Hhvm | >= 4.20.0, <= 4.20.1 | |
| Hhvm | 4.19.0 |
References
- https://hhvm.com/blog/2019/09/03/security-update.htmlThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2019-11925Vendor Advisory
- https://hhvm.com/blog/2019/09/03/security-update.htmlThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2019-11925Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11925?
How severe is CVE-2019-11925?
How do I fix CVE-2019-11925?
Are you affected by CVE-2019-11925?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST