GCVE - cpe:2.3:a:facebook:hhvm:4.19.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:facebook:hhvm:4.19.0:*:*:*:*:*:*:*

part: a version: 4.19.0 update: *

Vendor	Facebook (`c319c35a-3469-5baa-b3bd-8582d1206a92`)
Product	Hhvm (`f2db6c03-3315-587d-a49f-0af5739172b6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/facebook/hhvm`	purl2cpe	2026-06-01 10:11:42.804024

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-11929`	vulnerable	2026-06-03 14:39:34.027588	Details available Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0. Published: 2019-10-02T19:07:18.000Z Updated: 2024-08-04T23:10:29.479Z Open on db.gcve.eu Reference links https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692 https://hhvm.com/blog/2019/09/25/security-update.html https://www.facebook.com/security/advisories/cve-2019-11929	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11926`	vulnerable	2026-06-03 14:39:34.019725	Details available Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. Published: 2019-09-06T18:46:54.000Z Updated: 2024-08-04T23:10:29.525Z Open on db.gcve.eu Reference links https://hhvm.com/blog/2019/09/03/security-update.html https://github.com/facebook/hhvm/commit/f9680d21beaa9eb39d166e8810e29fbafa51ad15 https://www.facebook.com/security/advisories/cve-2019-11926	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11925`	vulnerable	2026-06-03 14:39:34.019198	Details available Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. Published: 2019-09-06T18:46:54.000Z Updated: 2024-08-04T23:10:29.481Z Open on db.gcve.eu Reference links https://github.com/facebook/hhvm/commit/f1cd34e63c2a0d9702be3d41462db7bfd0ae7da3 https://hhvm.com/blog/2019/09/03/security-update.html https://www.facebook.com/security/advisories/cve-2019-11925	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.