Vulnerability CVE-2019-11047: Information

Description

When the PHP EXIF extension parses EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash.

Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Published: Dec. 23, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-125

Fixed packages

Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State
--- | --- | --- | --- | --- | --- | ---
php7 | p10 | 7.3.13-alt1 | 7.4.33-alt1 | ALT-PU-2019-3355-1 | 243313 | Fixed
php7 | p9 | 7.3.13-alt1 | 7.3.33-alt1 | ALT-PU-2019-3390-1 | 243314 | Fixed
php7 | p8 | 7.2.26-alt1 | 7.2.34-alt1 | ALT-PU-2019-3332-1 | 243177 | Fixed
php7 | c10f1 | 7.3.13-alt1 | 7.4.33-alt1 | ALT-PU-2019-3355-1 | 243313 | Fixed
php7 | c9f2 | 7.3.13-alt1 | 7.4.33-alt1 | ALT-PU-2019-3390-1 | 243314 | Fixed
php7-curl | p8 | 7.2.26-alt1 | 7.2.34-alt1 | ALT-PU-2019-3333-1 | 243177 | Fixed
php7-intl | p8 | 7.2.26-alt1 | 7.2.34-alt1 | ALT-PU-2019-3339-1 | 243177 | Fixed
php7-opcache | p8 | 7.2.26-alt1.1 | 7.2.34-alt1.1 | ALT-PU-2019-3340-1 | 243177 | Fixed
php7-openssl | p8 | 7.2.26-alt1.1 | 7.2.34-alt1.1 | ALT-PU-2019-3334-1 | 243177 | Fixed
php7-pdo_mysql | p8 | 7.2.26-alt1 | 7.2.34-alt1 | ALT-PU-2019-3335-1 | 243177 | Fixed
php7-pgsql | p8 | 7.2.26-alt1.2 | 7.2.34-alt1.2 | ALT-PU-2019-3336-1 | 243177 | Fixed
php7-tidy | p8 | 7.2.26-alt1 | 7.2.34-alt1 | ALT-PU-2019-3342-1 | 243177 | Fixed
php7-xmlrpc | p8 | 7.2.26-alt1 | 7.2.34-alt1 | ALT-PU-2019-3341-1 | 243177 | Fixed
php7-xsl | p8 | 7.2.26-alt1 | 7.2.34-alt1 | ALT-PU-2019-3338-1 | 243177 | Fixed
php7-zip | p8 | 7.2.26-alt1.1 | 7.2.34-alt1.1 | ALT-PU-2019-3337-1 | 243177 | Fixed

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:php:php:7.4.0:*:*:*:*:*:*:*

      cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
      Start including 7.2.0, end excluding 7.2.26

      cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
      Start including 7.3.0, end excluding 7.3.13

      Configuration 2

      cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*