CVE-2019-11036

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-11036

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11036.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11036

Related

ALSA-2020:1624
DLA-1803-1
DSA-4527-1
DSA-4529-1
RLSA-2020:1624
SUSE-SU-2019:1325-1
SUSE-SU-2019:1360-1
SUSE-SU-2019:1365-1
SUSE-SU-2019:1461-1
SUSE-SU-2022:4067-1
UBUNTU-CVE-2019-11036
USN-3566-2
USN-4009-1
openSUSE-SU-2019:1572-1
openSUSE-SU-2019:1573-1
openSUSE-SU-2024:11167-1
openSUSE-SU-2024:11169-1

Published

2019-05-03T20:29:00Z

Modified

2024-09-02T23:13:33Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exifprocessIFD_TAG function. This may lead to information disclosure or crash.

References

http://www.securityfocus.com/bid/108177
https://access.redhat.com/errata/RHSA-2019:2519
https://access.redhat.com/errata/RHSA-2019:3299
https://bugs.php.net/bug.php?id=77950
https://security.netapp.com/advisory/ntap-20190517-0003/
https://www.debian.org/security/2019/dsa-4527
https://www.debian.org/security/2019/dsa-4529
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html
https://seclists.org/bugtraq/2019/Sep/35
https://seclists.org/bugtraq/2019/Sep/38
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NFXYNCXZCPYT7ZN4ZLI5EPQQW44FRRO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BY2XUUAN277LS7HKAOGL4DVGAELOJV3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WN2HLPGEZEF4MFM5YC5FILZB5QEQFP3A/
https://usn.ubuntu.com/3566-2/
https://usn.ubuntu.com/4009-1/

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

0221e9f827632942225586687a33cfd554860d5e

Fixed

1888e8141b865aab006feebbb7be559fc0fab811