Description
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.