Unrated severityNVD Advisory· Published Aug 9, 2019· Updated Sep 17, 2024

heap-buffer-overflow on exif_process_user_comment in EXIF extension

CVE-2019-11042

Description

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Affected products

Php Group/PHPv5
Range: 7.1.x below 7.1.31

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2019:3299mitrevendor-advisoryx_refsource_REDHAT
usn.ubuntu.com/4097-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/4097-2/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2019/dsa-4527mitrevendor-advisoryx_refsource_DEBIAN
www.debian.org/security/2019/dsa-4529mitrevendor-advisoryx_refsource_DEBIAN
seclists.org/fulldisclosure/2019/Oct/15mitremailing-listx_refsource_FULLDISC
seclists.org/fulldisclosure/2019/Oct/55mitremailing-listx_refsource_FULLDISC
bugs.php.net/bug.phpmitrex_refsource_CONFIRM
lists.debian.org/debian-lts-announce/2019/08/msg00010.htmlmitremailing-listx_refsource_MLIST
seclists.org/bugtraq/2019/Oct/9mitremailing-listx_refsource_BUGTRAQ
seclists.org/bugtraq/2019/Sep/35mitremailing-listx_refsource_BUGTRAQ
seclists.org/bugtraq/2019/Sep/38mitremailing-listx_refsource_BUGTRAQ
security.netapp.com/advisory/ntap-20190822-0003/mitrex_refsource_CONFIRM
support.apple.com/kb/HT210634mitrex_refsource_CONFIRM
support.apple.com/kb/HT210722mitrex_refsource_CONFIRM
www.tenable.com/security/tns-2021-14mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000