Insufficient Boundary Checks in HHVM's GD Extension
CVE-2019-11926
9.8CRITICAL
What is CVE-2019-11926?
The vulnerability in HHVM's GD extension arises from insufficient boundary checks when parsing M_SOFx markers from JPEG headers. This flaw can lead to access to out-of-bounds memory when processing a constructed malformed JPEG, potentially exposing the application to further exploits. Users are advised to update to the latest versions to mitigate this risk.
Affected Version(s)
HHVM 4.21.0
HHVM 4.20.2
HHVM 4.20.0