Uninitialized read in gdImageCreateFromXbm
Medium
## Vulnerability Details
This bug is in the `gdImageCreateFromXbm` function in `ext/gd/libgd/gd_xbm.c`.
The function contains the following lines:
```c
...
unsigned int b;
...
sscanf(h, "%x", &b);  /* return value is not checked */
for (bit = 1; bit <= max_bit; bit = bit << 1) {
    gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0);
...
```
When `sscanf` cannot read a hex value, it does not write to `b`, so `b` still contains uninitialized data when the loop uses it to set pixels.
- Bug Report: https://bugs.php.net/bug.php?id=77973
- PHP Version: 7.1.29
- CVE-ID: [2019-11038](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038)
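The missing check, as an added example that is not code from libgd or from the PHP patch: the helper `xbm_token_to_bits`, its parameters and the sample tokens are hypothetical and constructed for illustration. It expands one hex token into bits the way the quoted loop does, but rejects the token unless `sscanf` reports exactly one conversion.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical helper (not libgd code): expand one XBM hex token into
 * pixel bits, least significant bit first, like the quoted loop.
 * Returns the number of bits written, or -1 if the token is rejected. */
int xbm_token_to_bits(const char *tok, unsigned int max_bit,
                      unsigned char *out, size_t out_len)
{
    unsigned int b = 0;   /* defined value even if parsing fails */
    unsigned int bit;
    size_t n = 0;

    /* sscanf returns the number of successful conversions. 0 (no hex
     * digits) or EOF (empty input) means b was never written, which is
     * the case the vulnerable code goes on to read anyway. */
    if (sscanf(tok, "%x", &b) != 1) {
        return -1;
    }

    for (bit = 1; bit <= max_bit; bit <<= 1) {
        if (n >= out_len) {
            return -1;    /* caller's buffer is too small */
        }
        out[n++] = (b & bit) ? 1 : 0;
    }
    return (int)n;
}

int main(void)
{
    /* Constructed sample tokens: one valid, two that sscanf cannot parse. */
    const char *tokens[] = { "0xA5", "zz", "" };
    unsigned char px[8];
    size_t i;

    for (i = 0; i < sizeof tokens / sizeof tokens[0]; i++) {
        int n = xbm_token_to_bits(tokens[i], 128, px, sizeof px);
        if (n < 0) {
            printf("\"%s\": rejected, no pixels written\n", tokens[i]);
        } else {
            printf("\"%s\": %d pixels\n", tokens[i], n);
        }
    }
    return 0;
}
```
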
## Impact
The uninitialized value may leak data from stack memory.
## Report Stats
- Report ID: 623588
- State: Closed
- Substate: resolved
- Upvotes: 1