7.5
CVSSv2

CVE-2019-11926

Published: 06/09/2019 Updated: 09/09/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions before 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1.

Vulnerability Trend

Affected Products

Vendor Product Versions
FacebookHhvm3.30.9, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.2.0, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.5.0, 4.5.1, 4.6.0, 4.6.1, 4.7.0, 4.7.1, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.9.0, 4.9.1, 4.10.0, 4.11.0, 4.12.0, 4.12.1, 4.12.2, 4.13.0, 4.13.1, 4.13.2, 4.14.0, 4.14.1, 4.14.2, 4.15.0, 4.15.1, 4.15.2, 4.16.0, 4.16.1, 4.16.2, 4.16.3, 4.17.0, 4.17.1, 4.17.2, 4.18.0, 4.18.1, 4.19.0, 4.20.0, 4.20.1