VulnerableCode Vulnerability Details

System	Score	Found at
cvssv3	3.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json
epss	0.01724	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.01724	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.01724	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.01724	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.01724	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
epss	0.06012	https://api.first.org/data/v1/epss?cve=CVE-2019-11038
cvssv3	4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2019-11038
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2019-11038

System

Score

Found at

cvssv3

3.3

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json

epss

0.01724

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.01724

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.01724

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.01724

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.01724

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

epss

0.06012

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

cvssv3

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

cvssv2

5.0

https://nvd.nist.gov/vuln/detail/CVE-2019-11038

cvssv3.1

5.3

https://nvd.nist.gov/vuln/detail/CVE-2019-11038

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html
		https://access.redhat.com/errata/RHSA-2019:2519
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-11038
		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821
		https://bugs.php.net/bug.php?id=77973
		https://bugzilla.redhat.com/show_bug.cgi?id=1724149
		https://bugzilla.redhat.com/show_bug.cgi?id=1724432
		https://bugzilla.suse.com/show_bug.cgi?id=1140118
		https://bugzilla.suse.com/show_bug.cgi?id=1140120
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/libgd/libgd/issues/501
		https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/
		https://seclists.org/bugtraq/2019/Sep/38
		https://www.debian.org/security/2019/dsa-4529
cpe:2.3:a:libgd:libgd:2.2.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.5:::::::*
cpe:2.3:a:php:php::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php::::::::
cpe:2.3:a:redhat:software_collections:1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:::::::*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:fedoraproject:fedora:29:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
cpe:2.3:o:fedoraproject:fedora:30:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4::::::
cpe:2.3:o:suse:linux_enterprise_server:12:sp4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:sp4::::::
cpe:2.3:o:suse:linux_enterprise_server:12:sp5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:sp5::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5::::::
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp4::::::
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5::::::
CVE-2019-11038		https://nvd.nist.gov/vuln/detail/CVE-2019-11038
RHSA-2019:3299		https://access.redhat.com/errata/RHSA-2019:3299
USN-4316-1		https://usn.ubuntu.com/4316-1/
USN-4316-2		https://usn.ubuntu.com/4316-2/

Reference id

Reference type

URL

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html

https://access.redhat.com/errata/RHSA-2019:2519

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json

https://api.first.org/data/v1/epss?cve=CVE-2019-11038

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821

https://bugs.php.net/bug.php?id=77973

https://bugzilla.redhat.com/show_bug.cgi?id=1724149

https://bugzilla.redhat.com/show_bug.cgi?id=1724432

https://bugzilla.suse.com/show_bug.cgi?id=1140118

https://bugzilla.suse.com/show_bug.cgi?id=1140120

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

https://github.com/libgd/libgd/issues/501

https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/

https://seclists.org/bugtraq/2019/Sep/38

https://www.debian.org/security/2019/dsa-4529

cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*

cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp4:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*

CVE-2019-11038

https://nvd.nist.gov/vuln/detail/CVE-2019-11038

RHSA-2019:3299

https://access.redhat.com/errata/RHSA-2019:3299

USN-4316-1

https://usn.ubuntu.com/4316-1/

USN-4316-2

https://usn.ubuntu.com/4316-2/

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11038

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11038

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:33:49.209436+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.12/main.json	37.0.0

2025-07-31T08:33:49.209436+00:00

Alpine Linux Importer

Import

https://secdb.alpinelinux.org/v3.12/main.json

37.0.0

Vulnerability ID	VCID-4w5h-5yab-skdt
Aliases	CVE-2019-11038
Summary	When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
Status	Published
Exploitability	0.5
Weighted Severity	4.8
Risk	2.4
Affected and Fixed Packages	Package Details

CWE-908	Use of Uninitialized Resource
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor

Percentile	0.8173
EPSS Score	0.01724
Published At	Aug. 1, 2025, 12:55 p.m.