PT-2019-4835 · Php+7 · Php+7

Orestiskourides

Published

2019-05-07

Updated

2024-06-15

CVE-2019-11040

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions PHP versions 7.1.x through 7.1.29 PHP versions 7.2.x through 7.2.18 PHP versions 7.3.x through 7.3.5

Description The issue arises when the PHP EXIF extension parses EXIF information from an image, for example, via the exif read data() function. It is possible to supply the function with data that causes it to read past the allocated buffer, potentially leading to information disclosure or a crash. This may allow a remote attacker to gain unauthorized access to information or cause a denial of service.

Recommendations For PHP versions 7.1.x through 7.1.29, update to version 7.1.30 or later. For PHP versions 7.2.x through 7.2.18, update to version 7.2.19 or later. For PHP versions 7.3.x through 7.3.5, update to version 7.3.6 or later.

Exploit

Fix

Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-125

Related Identifiers

ALSA-2020:1624

ALSA-2020:3662

ALT-PU-2019-1944

ALT-PU-2019-1959

BDU:2020-01419

CESA-2020_1624

CESA-2020_3662

CVE-2019-11040

DLA-1813-1

DSA-4527-1

DSA-4529-1

OESA-2022-1556

OPENSUSE-SU-2019:1778-1

OPENSUSE-SU-2019_1778-1

OPENSUSE-SU-2022_4067-1

OPENSUSE-SU-2024:11167-1

OPENSUSE-SU-2024:11169-1

RHSA-2019:2519

RHSA-2019:3299

RHSA-2020:1624

RHSA-2020:3662

RHSA-2020_1624

RHSA-2020_3662

RLSA-2020:1624

RLSA-2020:3662

SUSE-SU-2019:1724-1

SUSE-SU-2019:1725-1

SUSE-SU-2019:1746-1

SUSE-SU-2019:1832-1

SUSE-SU-2022:4067-1

USN-4009-1

USN-4009-2

Affected Products

Alt Linux

Almalinux

Centos

Php

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2019-4835 · Php+7 · Php+7

CVE-2019-11040

Weakness Enumeration

Related Identifiers

Affected Products

References · 564