PT-2019-5008 · Php+7 · Php+7

Orestiskourides

Published

2019-07-05

Updated

2024-06-15

CVE-2019-11042

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PHP versions 7.1.x through 7.1.30 PHP versions 7.2.x through 7.2.20 PHP versions 7.3.x through 7.3.7

Description The issue arises when the PHP EXIF extension parses EXIF information from an image, for example, via the exif read data() function. It is possible to supply the function with data that causes it to read past the allocated buffer, potentially leading to information disclosure or a crash. This may allow a remote attacker to gain unauthorized access to information or cause a denial of service.

Recommendations For PHP versions 7.1.x through 7.1.30, update to version 7.1.31 or later. For PHP versions 7.2.x through 7.2.20, update to version 7.2.21 or later. For PHP versions 7.3.x through 7.3.7, update to version 7.3.8 or later.

Exploit

Fix

Out of bounds Read

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-119

Related Identifiers

ALSA-2020:1624

ALSA-2020:3662

ALT-PU-2019-2389

ALT-PU-2019-2856

BDU:2020-01632

CESA-2020_1624

CESA-2020_3662

CVE-2019-11042

DLA-1878-1

DSA-4527-1

DSA-4529-1

MGASA-2019-0218

OPENSUSE-SU-2019:2271-1

OPENSUSE-SU-2019_2271-1

OPENSUSE-SU-2022_4067-1

OPENSUSE-SU-2024:11167-1

OPENSUSE-SU-2024:11169-1

RHSA-2019:3299

RHSA-2020:1624

RHSA-2020:3662

RHSA-2020_1624

RHSA-2020_3662

RLSA-2020:1624

RLSA-2020:3662

SUSE-SU-2019:14158-1

SUSE-SU-2019:2243-1

SUSE-SU-2019:2270-1

SUSE-SU-2019:2503-1

SUSE-SU-2019_14158-1

SUSE-SU-2020:0522-1

SUSE-SU-2022:4067-1

USN-4097-1

USN-4097-2

Affected Products

Alt Linux

Almalinux

Centos

Php

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2019-5008 · Php+7 · Php+7

CVE-2019-11042

Weakness Enumeration

Related Identifiers

Affected Products

References · 577