[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-6977":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":43,"duplicate_of":9,"upstream":44,"downstream":45,"duplicates":84,"related":85,"reserved_at":9,"published_at":95,"modified_at":96,"state":97,"summary":98,"references_raw":106,"kevs":202,"epss":203,"epss_history":206,"metrics":426,"affected":437},"CVE-2019-6977","gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base","High",[],[21,30],{"_key":22,"name":23,"source":24,"url":25,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":29,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_86DC7C9E6EFED18D","Exploit Reference (bugs.php.net)","reference","https://bugs.php.net/bug.php?id=77270","unknown",0.2,false,[],{"_key":31,"name":32,"source":33,"url":34,"maturity":35,"reliability_score":36,"verified":28,"type":37,"platforms":38,"requires_auth":9,"exploitdb":40,"metasploit":9},"46677","PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write","exploit-database","https://www.exploit-db.com/exploits/46677","poc",0.5,"remote",[39],"php",{"verified":28,"type":37,"platform":39,"file":41,"codes":42},"exploits/php/remote/46677.php",[7],[],[],[46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82],{"_key":47},"ALPINE-CVE-2019-6977",{"_key":49},"RHSA-2020:4659",{"_key":51},"SUSE-SU-2019:0333-1",{"_key":53},"SUSE-SU-2019:0449-1",{"_key":55},"SUSE-SU-2019:0747-1",{"_key":57},"SUSE-SU-2019:0771-1",{"_key":59},"SUSE-SU-2019:13961-1",{"_key":61},"OPENSUSE-SU-2019:1148-1",{"_key":63},"OPENSUSE-SU-2024:10777-1",{"_key":65},"OPENSUSE-SU-2024:11852-1",{"_key":67},"DLA-1651-1",{"_key":69},"DLA-1679-1",{"_key":71},"DSA-4384-1",{"_key":73},"MGASA-2019-0073",{"_key":75},"UBUNTU-CVE-2019-6977",{"_key":77},"USN-3900-1",{"_key":79},"DEBIAN-CVE-2019-6977",{"_key":81},"RHSA-2019:2519",{"_key":83},"RHSA-2019:3299",[],[86,87,88,89,90,91,92,93,94],{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":73},"2019-01-27T02:00:00.000Z","2024-08-04T20:38:32.847Z","Modified",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":99,"epss_score":100,"severity":101,"severity_score":102,"severity_version":103,"severity_source":104,"severity_vector":105,"severity_status":97},"critical",0.87883,"high",8.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",[107,115,121,128,132,137,143,148,153,158,163,167,172,176,181,185,190,194,198],{"url":108,"sources":109,"tags":111},"http://www.securityfocus.com/bid/106731",[110,104],"cve.org",[112,113,114],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":116,"sources":117,"tags":118},"https://security.netapp.com/advisory/ntap-20190315-0003/",[110,104],[119,120,114],"X Refsource CONFIRM","Patch",{"url":122,"sources":123,"tags":124},"http://php.net/ChangeLog-5.php",[110,104],[125,126,127],"X Refsource MISC","Release Notes","Vendor Advisory",{"url":129,"sources":130,"tags":131},"http://php.net/ChangeLog-7.php",[110,104],[125,126,127],{"url":133,"sources":134,"tags":135},"https://usn.ubuntu.com/3900-1/",[110,104],[127,136,114],"X Refsource UBUNTU",{"url":138,"sources":139,"tags":140},"https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html",[110,104],[141,142,114],"Mailing List","X Refsource MLIST",{"url":25,"sources":144,"tags":145},[110,104],[125,146,147,141,127],"Exploit","Issue Tracking",{"url":149,"sources":150,"tags":151},"https://www.debian.org/security/2019/dsa-4384",[110,104],[127,152,114],"X Refsource DEBIAN",{"url":154,"sources":155,"tags":156},"https://security.gentoo.org/glsa/201903-18",[110,104],[127,157,114],"X Refsource GENTOO",{"url":159,"sources":160,"tags":161},"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html",[110,104],[127,162],"X Refsource SUSE",{"url":164,"sources":165,"tags":166},"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html",[110,104],[127,162],{"url":168,"sources":169,"tags":170},"https://www.exploit-db.com/exploits/46677/",[110,104],[146,171],"X Refsource EXPLOIT DB",{"url":173,"sources":174,"tags":175},"http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html",[110,104],[125],{"url":177,"sources":178,"tags":179},"https://access.redhat.com/errata/RHSA-2019:2519",[110,104],[127,180],"X Refsource REDHAT",{"url":182,"sources":183,"tags":184},"https://access.redhat.com/errata/RHSA-2019:3299",[110,104],[127,180],{"url":186,"sources":187,"tags":188},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/",[110,104],[127,189],"X Refsource FEDORA",{"url":191,"sources":192,"tags":193},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/",[110,104],[127,189],{"url":195,"sources":196,"tags":197},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/",[110,104],[127,189],{"url":199,"sources":200,"tags":201},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/",[110,104],[127,189],[],{"date":204,"score":100,"percentile":205},"2026-06-04",0.99491,[207,211,213,215,217,220,222,224,226,230,233,235,237,239,241,245,248,250,253,255,258,260,262,264,267,269,272,274,278,280,283,285,287,289,291,294,296,300,303,305,308,310,312,314,316,319,322,324,326,328,330,333,335,337,341,343,345,347,349,353,355,358,361,363,365,367,369,372,374,376,378,381,383,385,388,391,393,395,398,400,402,405,407,409,412,415,417,419,421,423],{"date":208,"score":209,"percentile":210},"2025-11-04",0.89145,0.99505,{"date":212,"score":209,"percentile":210},"2025-11-05",{"date":214,"score":209,"percentile":210},"2025-11-06",{"date":216,"score":209,"percentile":210},"2025-11-07",{"date":218,"score":209,"percentile":219},"2025-11-08",0.99503,{"date":221,"score":209,"percentile":219},"2025-11-09",{"date":223,"score":209,"percentile":219},"2025-11-10",{"date":225,"score":209,"percentile":219},"2025-11-11",{"date":227,"score":228,"percentile":229},"2025-11-12",0.89071,0.99499,{"date":231,"score":228,"percentile":232},"2025-11-13",0.995,{"date":234,"score":228,"percentile":232},"2025-11-14",{"date":236,"score":228,"percentile":232},"2025-11-15",{"date":238,"score":228,"percentile":232},"2025-11-16",{"date":240,"score":228,"percentile":229},"2025-11-17",{"date":242,"score":243,"percentile":244},"2025-11-18",0.79152,0.99143,{"date":246,"score":243,"percentile":247},"2025-11-19",0.99144,{"date":249,"score":243,"percentile":247},"2025-11-20",{"date":251,"score":228,"percentile":252},"2025-11-21",0.99495,{"date":254,"score":228,"percentile":252},"2025-11-22",{"date":256,"score":228,"percentile":257},"2025-11-23",0.99496,{"date":259,"score":228,"percentile":257},"2025-11-24",{"date":261,"score":228,"percentile":257},"2025-11-25",{"date":263,"score":228,"percentile":257},"2025-11-26",{"date":265,"score":228,"percentile":266},"2025-11-27",0.99497,{"date":268,"score":228,"percentile":266},"2025-11-28",{"date":270,"score":228,"percentile":271},"2025-11-29",0.99498,{"date":273,"score":228,"percentile":266},"2025-11-30",{"date":275,"score":276,"percentile":277},"2025-12-01",0.88373,0.99474,{"date":279,"score":276,"percentile":277},"2025-12-02",{"date":281,"score":276,"percentile":282},"2025-12-03",0.99473,{"date":284,"score":228,"percentile":229},"2025-12-04",{"date":286,"score":228,"percentile":229},"2025-12-05",{"date":288,"score":228,"percentile":229},"2025-12-06",{"date":290,"score":228,"percentile":232},"2025-12-07",{"date":292,"score":228,"percentile":293},"2025-12-08",0.99502,{"date":295,"score":228,"percentile":293},"2025-12-09",{"date":297,"score":298,"percentile":299},"2025-12-10",0.87771,0.99436,{"date":301,"score":298,"percentile":302},"2025-12-11",0.99437,{"date":304,"score":298,"percentile":302},"2025-12-12",{"date":306,"score":298,"percentile":307},"2025-12-13",0.99435,{"date":309,"score":298,"percentile":307},"2025-12-14",{"date":311,"score":298,"percentile":307},"2025-12-15",{"date":313,"score":298,"percentile":299},"2025-12-16",{"date":315,"score":298,"percentile":302},"2025-12-17",{"date":317,"score":298,"percentile":318},"2025-12-18",0.99438,{"date":320,"score":298,"percentile":321},"2025-12-19",0.99439,{"date":323,"score":298,"percentile":318},"2025-12-20",{"date":325,"score":298,"percentile":321},"2025-12-21",{"date":327,"score":298,"percentile":318},"2025-12-22",{"date":329,"score":298,"percentile":321},"2025-12-23",{"date":331,"score":298,"percentile":332},"2025-12-24",0.9944,{"date":334,"score":298,"percentile":332},"2025-12-25",{"date":336,"score":298,"percentile":321},"2025-12-26",{"date":338,"score":339,"percentile":340},"2025-12-27",0.89955,0.99555,{"date":342,"score":298,"percentile":318},"2025-12-28",{"date":344,"score":298,"percentile":318},"2025-12-29",{"date":346,"score":298,"percentile":318},"2025-12-30",{"date":348,"score":298,"percentile":321},"2025-12-31",{"date":350,"score":351,"percentile":352},"2026-01-01",0.86907,0.99415,{"date":354,"score":351,"percentile":352},"2026-01-02",{"date":356,"score":351,"percentile":357},"2026-01-03",0.99416,{"date":359,"score":298,"percentile":360},"2026-01-04",0.99441,{"date":362,"score":298,"percentile":360},"2026-01-05",{"date":364,"score":298,"percentile":360},"2026-01-06",{"date":366,"score":298,"percentile":360},"2026-01-07",{"date":368,"score":298,"percentile":360},"2026-01-08",{"date":370,"score":298,"percentile":371},"2026-01-09",0.99443,{"date":373,"score":298,"percentile":371},"2026-01-10",{"date":375,"score":298,"percentile":371},"2026-01-11",{"date":377,"score":298,"percentile":371},"2026-01-12",{"date":379,"score":298,"percentile":380},"2026-01-13",0.99444,{"date":382,"score":298,"percentile":380},"2026-01-14",{"date":384,"score":298,"percentile":380},"2026-01-15",{"date":386,"score":298,"percentile":387},"2026-01-16",0.99445,{"date":389,"score":298,"percentile":390},"2026-01-17",0.99446,{"date":392,"score":298,"percentile":390},"2026-01-18",{"date":394,"score":298,"percentile":390},"2026-01-19",{"date":396,"score":298,"percentile":397},"2026-01-20",0.99447,{"date":399,"score":298,"percentile":390},"2026-01-21",{"date":401,"score":298,"percentile":390},"2026-01-22",{"date":403,"score":298,"percentile":404},"2026-01-23",0.99448,{"date":406,"score":298,"percentile":404},"2026-01-24",{"date":408,"score":298,"percentile":404},"2026-01-25",{"date":410,"score":298,"percentile":411},"2026-01-26",0.99449,{"date":413,"score":298,"percentile":414},"2026-01-27",0.9945,{"date":416,"score":298,"percentile":414},"2026-01-28",{"date":418,"score":298,"percentile":414},"2026-01-29",{"date":420,"score":298,"percentile":414},"2026-01-30",{"date":422,"score":298,"percentile":414},"2026-01-31",{"date":424,"score":351,"percentile":425},"2026-02-01",0.99424,[427],{"source":104,"cvss_v2_0":428,"cvss_v3_0":433,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":429,"baseSeverity":9,"vectorString":430,"impactScore":431,"exploitabilityScore":432},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":102,"baseSeverity":434,"vectorString":105,"impactScore":435,"exploitabilityScore":436},"HIGH",9.8,7.2,[438,453,462,468],{"ecosystem":9,"name":439,"vendor":440,"product":441,"cpe_part":442,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":443},"ubuntu linux","canonical","ubuntu_linux","o",[444,447,449,451],{"version":445,"is_range":28,"range_type":446,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04","cpe",{"version":448,"is_range":28,"range_type":446,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":450,"is_range":28,"range_type":446,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":452,"is_range":28,"range_type":446,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.10",{"ecosystem":9,"name":454,"vendor":455,"product":456,"cpe_part":442,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":457},"debian linux","debian","debian_linux",[458,460],{"version":459,"is_range":28,"range_type":446,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":461,"is_range":28,"range_type":446,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":463,"vendor":463,"product":463,"cpe_part":464,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":465},"libgd","a",[466],{"version":467,"is_range":28,"range_type":446,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.2.5",{"ecosystem":9,"name":469,"vendor":9,"product":469,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":470},"PHP",[471,476,481,485],{"version":472,"is_range":473,"range_type":446,"version_start":9,"version_start_type":9,"version_end":474,"version_end_type":475,"fixed_in":9},"lt5.6.40",true,"5.6.40","excluding",{"version":477,"is_range":473,"range_type":446,"version_start":478,"version_start_type":479,"version_end":480,"version_end_type":475,"fixed_in":9},"gte7.0.0_lt7.1.26","7.0.0","including","7.1.26",{"version":482,"is_range":473,"range_type":446,"version_start":483,"version_start_type":479,"version_end":484,"version_end_type":475,"fixed_in":9},"gte7.2.0_lt7.2.14","7.2.0","7.2.14",{"version":486,"is_range":28,"range_type":446,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.3.0"]