HHVM (HipHop Virtual Machine) is a server designed for executing programs written in PHP and the Hack programming language. It is a highly efficient open-source virtual machine developed by Facebook. HHVM uses a just-in-time (JIT) compilation approach to reach high performance while maintaining the development flexibility that PHP provides. Anyone using HHVM as a server, such as Wikipedia and Box, as well as corporations that upload their images to the server, may be affected by the threat. The vulnerability in HHVM is possibly due to a memory overflow when a specially constructed invalid JPEG image is passed in, a flaw that allows an outside program to read data from outside the bounds of memory.
CVE-2019-11925: Hackers can gain access to memory through an invalid JPEG input because of an insufficient boundary check when processing the JPEG APP12 block marker in the GD extension.
CVE-2019-11926: Hackers can gain access to memory through an invalid JPEG input because of an insufficient boundary check when processing the JPEG APP12 block marker in the GD extension.
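The kind of boundary check these descriptions refer to can be shown with a small pre-screening validator for uploaded files. This is an added example, not HHVM's GD code: `check_jpeg_segments`, its return codes and the sample byte arrays are constructed here, and it assumes the standard JPEG segment layout (0xFF, a marker byte, then a two-byte big-endian length that counts itself).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { JPEG_OK = 0, JPEG_MALFORMED = -1, JPEG_TRUNCATED = -2, JPEG_BAD_LENGTH = -3 };

/* Constructed samples: SOI, one APP12 segment ("Duck" payload), EOI. */
static const uint8_t sample_ok[] =
    { 0xFF,0xD8, 0xFF,0xEC, 0x00,0x06, 'D','u','c','k', 0xFF,0xD9 };
/* Same file, but APP12 declares 0x0100 bytes while only 8 remain. */
static const uint8_t sample_overrun[] =
    { 0xFF,0xD8, 0xFF,0xEC, 0x01,0x00, 'D','u','c','k', 0xFF,0xD9 };

/* Walk the header segments in buf[0..len) and confirm every declared segment
 * length stays inside the buffer. *app12_count receives the number of APP12
 * (0xFFEC) segments accepted before SOS/EOI or before the first error. */
int check_jpeg_segments(const uint8_t *buf, size_t len, int *app12_count)
{
    size_t pos = 2;
    *app12_count = 0;
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8)    /* must start with SOI */
        return JPEG_MALFORMED;
    for (;;) {
        if (pos >= len) return JPEG_TRUNCATED;
        if (buf[pos] != 0xFF) return JPEG_MALFORMED;     /* marker prefix missing */
        while (pos < len && buf[pos] == 0xFF) pos++;     /* skip 0xFF fill bytes */
        if (pos >= len) return JPEG_TRUNCATED;
        uint8_t marker = buf[pos++];
        if (marker == 0xD9 || marker == 0xDA)            /* EOI / SOS: headers end */
            return JPEG_OK;
        if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD7))
            continue;                                    /* TEM, RSTn: no length */
        if (len - pos < 2) return JPEG_TRUNCATED;        /* length field itself */
        size_t seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        if (seglen < 2 || seglen > len - pos)            /* length counts its 2 bytes */
            return JPEG_BAD_LENGTH;                      /* would read past the end */
        if (marker == 0xEC) (*app12_count)++;
        pos += seglen;
    }
}

int main(void)
{
    int n;
    printf("ok sample:      %d\n", check_jpeg_segments(sample_ok, sizeof sample_ok, &n));
    printf("overrun sample: %d\n", check_jpeg_segments(sample_overrun, sizeof sample_overrun, &n));
    return 0;
}
```

Rejecting files that return anything other than `JPEG_OK` before they reach an image library is a defence-in-depth measure and does not replace updating HHVM.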
HHVM versions 4.0.0 to 4.8.3, 4.9.0 to 4.15.2, 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, and 4.20.0 to 4.20.1 are affected by the vulnerability. Any website or server using HHVM must update immediately to prevent hackers from gaining access to information on the computer, such as crucial and important details. The vulnerabilities CVE-2019-11925 and CVE-2019-11926 affect all of the HHVM versions listed above and are also dangerous to websites and servers running a version prior to 3.30.9.
Source: The Hacker News