| CVE ID | Description | Potential Impact | |---|---|---| | | Integer underflow in _gdContributionsAlloc function | Denial of service (DoS), memory corruption, arbitrary code execution (CVSS v3 score: 9.8) | | CVE-2019-6977 | Heap-based buffer overflow in gdImageColorMatch | Complete system compromise via crafted image data | | CVE-2019-9020 | Heap-based buffer over-read in xmlrpc_decode | Heap out-of-bounds read, read-after-free → complete system compromise | | CVE-2019-9021 | Heap-based buffer over-read in PHAR extension | Sensitive information disclosure via crafted file name | | CVE-2019-9023 | Multiple heap-based buffer over-reads in mbstring regex | Memory corruption → full system compromise via crafted multi-byte sequences | | CVE-2019-9024 | Out-of-bounds read in xmlrpc_decode | Memory read beyond allocated regions via malicious XMLRPC server | | CVE-2019-11043 | Buffer underflow in php5-fpm (only certain Nginx configurations) | Remote code execution (RCE) – extremely severe |
Use tools like PHPCompatibility to scan your code for deprecated functions. php version 5640 vulnerabilities link
: A heap-based buffer overflow condition inside the gdImageColorMatch function. If an application permits arbitrary user image uploads processed via GD, attackers can inject malformed image data to crash the process or execute unauthenticated shellcode. | CVE ID | Description | Potential Impact
