CVE-2019-11050

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-11050
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11050.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11050
Related
Withdrawn
2024-05-08T06:50:18.214228Z
Published
2019-12-23T03:15:11Z
Modified
2023-11-07T03:02:38Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
Summary
[none]
Details

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

References

Affected packages

Git / github.com/php/php-src