CVE-2019-11042

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-11042
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11042.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11042
Related
Published
2019-08-09T20:15:11Z
Modified
2024-09-02T23:13:33Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVSS Calculator
Summary
[none]
Details

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0221e9f827632942225586687a33cfd554860d5e
Fixed
1c01a1579ed554bd22dfcdcf38e94b554b90a585