CVE-2019-11041

Name
CVE-2019-11041
Description
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://bugs.php.net/bug.php?id=78222
Mailing List https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html
Third Party Advisory https://usn.ubuntu.com/4097-2/
Third Party Advisory https://usn.ubuntu.com/4097-1/
Third Party Advisory https://security.netapp.com/advisory/ntap-20190822-0003/
Mailing List https://seclists.org/bugtraq/2019/Sep/35
Third Party Advisory https://www.debian.org/security/2019/dsa-4527
Mailing List https://seclists.org/bugtraq/2019/Sep/38
Third Party Advisory https://www.debian.org/security/2019/dsa-4529
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html
Third Party Advisory https://support.apple.com/kb/HT210634
Mailing List https://seclists.org/bugtraq/2019/Oct/9
Mailing List http://seclists.org/fulldisclosure/2019/Oct/15
Mailing List http://seclists.org/fulldisclosure/2019/Oct/55
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3299
Third Party Advisory https://support.apple.com/kb/HT210722
CONFIRM https://www.tenable.com/security/tns-2021-14

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= 7.3.0 < 7.3.8
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= 7.2.0 < 7.2.21
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= 7.1.0 < 7.1.31

Vulnerable and fixed packages

Source package Branch Version Maintainer Status