Unrated severityNVD Advisory· Published Jun 18, 2019· Updated Sep 16, 2024

Heap buffer overflow in EXIF extension

CVE-2019-11040

Description

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Affected products

Php Group/PHPv5
Range: 7.1.30

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2019:2519mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:3299mitrevendor-advisoryx_refsource_REDHAT
www.debian.org/security/2019/dsa-4527mitrevendor-advisoryx_refsource_DEBIAN
www.debian.org/security/2019/dsa-4529mitrevendor-advisoryx_refsource_DEBIAN
bugs.php.net/bug.phpmitrex_refsource_CONFIRM
seclists.org/bugtraq/2019/Sep/35mitremailing-listx_refsource_BUGTRAQ
seclists.org/bugtraq/2019/Sep/38mitremailing-listx_refsource_BUGTRAQ

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000