[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-11036":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":29,"aliases":30,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":69,"related":70,"reserved_at":9,"published_at":80,"modified_at":81,"state":82,"summary":83,"references_raw":92,"kevs":184,"epss":185,"epss_history":188,"metrics":442,"affected":460},"CVE-2019-11036","When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.",null,[11,23],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],{"_key":24,"id":24,"name":25,"description":26,"type":15,"status":16,"abstraction":27,"likelihood_of_exploit":9,"capec":28},"CWE-126","Buffer Over-read","The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.","Variant",[],[],[],[],[33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67],{"_key":34},"SUSE-SU-2019:1325-1",{"_key":36},"SUSE-SU-2019:1360-1",{"_key":38},"SUSE-SU-2019:1365-1",{"_key":40},"SUSE-SU-2019:1461-1",{"_key":42},"SUSE-SU-2022:4067-1",{"_key":44},"OPENSUSE-SU-2019:1572-1",{"_key":46},"OPENSUSE-SU-2019:1573-1",{"_key":48},"OPENSUSE-SU-2024:11167-1",{"_key":50},"OPENSUSE-SU-2024:11169-1",{"_key":52},"RHSA-2020:1624",{"_key":54},"DLA-1803-1",{"_key":56},"DSA-4527-1",{"_key":58},"DSA-4529-1",{"_key":60},"UBUNTU-CVE-2019-11036",{"_key":62},"USN-3566-2",{"_key":64},"USN-4009-1",{"_key":66},"RHSA-2019:2519",{"_key":68},"RHSA-2019:3299",[],[71,72,73,74,75,76,77,78,79],{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":50},"2019-05-03T19:28:15.566Z","2024-09-16T22:30:46.095Z","Modified",{"cisa_kev":84,"cisa_ransomware":84,"cisa_vendor":9,"epss_severity":85,"epss_score":86,"severity":87,"severity_score":88,"severity_version":89,"severity_source":90,"severity_vector":91,"severity_status":82},false,"low",0.01688,"critical",9.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",[93,101,108,113,117,121,126,131,136,141,145,149,153,157,162,167,172,176,180],{"url":94,"sources":95,"tags":97},"https://bugs.php.net/bug.php?id=77950",[96,90],"cve.org",[98,99,100],"X Refsource MISC","Mailing List","Vendor Advisory",{"url":102,"sources":103,"tags":104},"http://www.securityfocus.com/bid/108177",[96,90],[105,106,107],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":109,"sources":110,"tags":111},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BY2XUUAN277LS7HKAOGL4DVGAELOJV3/",[96,90],[100,112],"X Refsource FEDORA",{"url":114,"sources":115,"tags":116},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NFXYNCXZCPYT7ZN4ZLI5EPQQW44FRRO/",[96,90],[100,112],{"url":118,"sources":119,"tags":120},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WN2HLPGEZEF4MFM5YC5FILZB5QEQFP3A/",[96,90],[100,112],{"url":122,"sources":123,"tags":124},"https://security.netapp.com/advisory/ntap-20190517-0003/",[96,90],[125,107],"X Refsource CONFIRM",{"url":127,"sources":128,"tags":129},"https://usn.ubuntu.com/3566-2/",[96,90],[100,130,107],"X Refsource UBUNTU",{"url":132,"sources":133,"tags":134},"https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html",[96,90],[99,135,107],"X Refsource MLIST",{"url":137,"sources":138,"tags":139},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html",[96,90],[100,140,99,107],"X Refsource SUSE",{"url":142,"sources":143,"tags":144},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html",[96,90],[100,140,99,107],{"url":146,"sources":147,"tags":148},"https://usn.ubuntu.com/4009-1/",[96,90],[100,130,107],{"url":150,"sources":151,"tags":152},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html",[96,90],[100,140,99,107],{"url":154,"sources":155,"tags":156},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html",[96,90],[100,140,99,107],{"url":158,"sources":159,"tags":160},"https://access.redhat.com/errata/RHSA-2019:2519",[96,90],[100,161,107],"X Refsource REDHAT",{"url":163,"sources":164,"tags":165},"https://seclists.org/bugtraq/2019/Sep/35",[96,90],[99,166,107],"X Refsource BUGTRAQ",{"url":168,"sources":169,"tags":170},"https://www.debian.org/security/2019/dsa-4527",[96,90],[100,171,107],"X Refsource DEBIAN",{"url":173,"sources":174,"tags":175},"https://www.debian.org/security/2019/dsa-4529",[96,90],[100,171,107],{"url":177,"sources":178,"tags":179},"https://seclists.org/bugtraq/2019/Sep/38",[96,90],[99,166,107],{"url":181,"sources":182,"tags":183},"https://access.redhat.com/errata/RHSA-2019:3299",[96,90],[100,161,107],[],{"date":186,"score":86,"percentile":187},"2026-06-04",0.82563,[189,193,196,199,202,205,208,211,214,217,220,223,226,229,231,235,238,241,244,247,250,252,255,257,259,261,263,266,270,273,276,279,282,285,288,291,294,297,300,304,307,310,313,316,319,322,325,328,331,334,336,338,341,344,348,350,352,355,357,361,364,366,369,372,374,377,380,382,384,386,388,390,392,394,397,400,403,406,409,412,415,418,421,424,427,430,432,435,437,439],{"date":190,"score":191,"percentile":192},"2025-11-04",0.01451,0.8014,{"date":194,"score":191,"percentile":195},"2025-11-05",0.80141,{"date":197,"score":191,"percentile":198},"2025-11-06",0.80142,{"date":200,"score":191,"percentile":201},"2025-11-07",0.80154,{"date":203,"score":191,"percentile":204},"2025-11-08",0.8016,{"date":206,"score":191,"percentile":207},"2025-11-09",0.80156,{"date":209,"score":191,"percentile":210},"2025-11-10",0.8015,{"date":212,"score":191,"percentile":213},"2025-11-11",0.80155,{"date":215,"score":191,"percentile":216},"2025-11-12",0.80168,{"date":218,"score":191,"percentile":219},"2025-11-13",0.80174,{"date":221,"score":191,"percentile":222},"2025-11-14",0.8018,{"date":224,"score":191,"percentile":225},"2025-11-15",0.80179,{"date":227,"score":191,"percentile":228},"2025-11-16",0.80177,{"date":230,"score":191,"percentile":228},"2025-11-17",{"date":232,"score":233,"percentile":234},"2025-11-18",0.04163,0.87552,{"date":236,"score":233,"percentile":237},"2025-11-19",0.87558,{"date":239,"score":233,"percentile":240},"2025-11-20",0.87563,{"date":242,"score":191,"percentile":243},"2025-11-21",0.80195,{"date":245,"score":191,"percentile":246},"2025-11-22",0.80199,{"date":248,"score":191,"percentile":249},"2025-11-23",0.80191,{"date":251,"score":191,"percentile":249},"2025-11-24",{"date":253,"score":191,"percentile":254},"2025-11-25",0.80193,{"date":256,"score":191,"percentile":243},"2025-11-26",{"date":258,"score":191,"percentile":246},"2025-11-27",{"date":260,"score":191,"percentile":249},"2025-11-28",{"date":262,"score":191,"percentile":243},"2025-11-29",{"date":264,"score":191,"percentile":265},"2025-11-30",0.80197,{"date":267,"score":268,"percentile":269},"2025-12-01",0.02609,0.85221,{"date":271,"score":268,"percentile":272},"2025-12-02",0.85225,{"date":274,"score":268,"percentile":275},"2025-12-03",0.85226,{"date":277,"score":191,"percentile":278},"2025-12-04",0.80201,{"date":280,"score":191,"percentile":281},"2025-12-05",0.80207,{"date":283,"score":191,"percentile":284},"2025-12-06",0.8021,{"date":286,"score":191,"percentile":287},"2025-12-07",0.80212,{"date":289,"score":191,"percentile":290},"2025-12-08",0.80218,{"date":292,"score":191,"percentile":293},"2025-12-09",0.80233,{"date":295,"score":191,"percentile":296},"2025-12-10",0.80257,{"date":298,"score":191,"percentile":299},"2025-12-11",0.80269,{"date":301,"score":302,"percentile":303},"2025-12-12",0.01721,0.81903,{"date":305,"score":302,"percentile":306},"2025-12-13",0.81902,{"date":308,"score":302,"percentile":309},"2025-12-14",0.819,{"date":311,"score":302,"percentile":312},"2025-12-15",0.81897,{"date":314,"score":302,"percentile":315},"2025-12-16",0.81908,{"date":317,"score":302,"percentile":318},"2025-12-17",0.81913,{"date":320,"score":302,"percentile":321},"2025-12-18",0.81924,{"date":323,"score":302,"percentile":324},"2025-12-19",0.81929,{"date":326,"score":302,"percentile":327},"2025-12-20",0.81922,{"date":329,"score":302,"percentile":330},"2025-12-21",0.8192,{"date":332,"score":302,"percentile":333},"2025-12-22",0.81917,{"date":335,"score":302,"percentile":330},"2025-12-23",{"date":337,"score":302,"percentile":324},"2025-12-24",{"date":339,"score":302,"percentile":340},"2025-12-25",0.81945,{"date":342,"score":302,"percentile":343},"2025-12-26",0.81944,{"date":345,"score":346,"percentile":347},"2025-12-27",0.00903,0.75196,{"date":349,"score":302,"percentile":324},"2025-12-28",{"date":351,"score":302,"percentile":321},"2025-12-29",{"date":353,"score":302,"percentile":354},"2025-12-30",0.81931,{"date":356,"score":302,"percentile":340},"2025-12-31",{"date":358,"score":359,"percentile":360},"2026-01-01",0.03084,0.86426,{"date":362,"score":359,"percentile":363},"2026-01-02",0.86429,{"date":365,"score":359,"percentile":363},"2026-01-03",{"date":367,"score":302,"percentile":368},"2026-01-04",0.81923,{"date":370,"score":302,"percentile":371},"2026-01-05",0.81919,{"date":373,"score":302,"percentile":321},"2026-01-06",{"date":375,"score":302,"percentile":376},"2026-01-07",0.81926,{"date":378,"score":302,"percentile":379},"2026-01-08",0.81934,{"date":381,"score":302,"percentile":379},"2026-01-09",{"date":383,"score":302,"percentile":379},"2026-01-10",{"date":385,"score":302,"percentile":324},"2026-01-11",{"date":387,"score":302,"percentile":368},"2026-01-12",{"date":389,"score":302,"percentile":327},"2026-01-13",{"date":391,"score":302,"percentile":340},"2026-01-14",{"date":393,"score":302,"percentile":343},"2026-01-15",{"date":395,"score":302,"percentile":396},"2026-01-16",0.81954,{"date":398,"score":302,"percentile":399},"2026-01-17",0.81955,{"date":401,"score":302,"percentile":402},"2026-01-18",0.81952,{"date":404,"score":302,"percentile":405},"2026-01-19",0.81947,{"date":407,"score":302,"percentile":408},"2026-01-20",0.81951,{"date":410,"score":302,"percentile":411},"2026-01-21",0.81958,{"date":413,"score":302,"percentile":414},"2026-01-22",0.81965,{"date":416,"score":302,"percentile":417},"2026-01-23",0.81989,{"date":419,"score":302,"percentile":420},"2026-01-24",0.81996,{"date":422,"score":302,"percentile":423},"2026-01-25",0.81987,{"date":425,"score":302,"percentile":426},"2026-01-26",0.81986,{"date":428,"score":302,"percentile":429},"2026-01-27",0.81984,{"date":431,"score":302,"percentile":429},"2026-01-28",{"date":433,"score":302,"percentile":434},"2026-01-29",0.81983,{"date":436,"score":302,"percentile":429},"2026-01-30",{"date":438,"score":302,"percentile":417},"2026-01-31",{"date":440,"score":359,"percentile":441},"2026-02-01",0.86478,[443,450],{"source":96,"cvss_v2_0":9,"cvss_v3_0":444,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":445,"baseSeverity":446,"vectorString":447,"impactScore":448,"exploitabilityScore":449},4.8,"MEDIUM","CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",4.2,5.6,{"source":90,"cvss_v2_0":451,"cvss_v3_0":456,"cvss_v3_1":457,"cvss_v4_0":9},{"baseScore":452,"baseSeverity":9,"vectorString":453,"impactScore":454,"exploitabilityScore":455},6.4,"AV:N/AC:L/Au:N/C:P/I:N/A:P",4.9,10,{"baseScore":445,"baseSeverity":446,"vectorString":447,"impactScore":448,"exploitabilityScore":449},{"baseScore":88,"baseSeverity":458,"vectorString":91,"impactScore":459,"exploitabilityScore":455},"CRITICAL",8.7,[461,480,491,501,511,529,540],{"ecosystem":9,"name":462,"vendor":463,"product":464,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":466},"ubuntu linux","canonical","ubuntu_linux","o",[467,470,472,474,476,478],{"version":468,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":471,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":473,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":475,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":477,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.10",{"version":479,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.04",{"ecosystem":9,"name":481,"vendor":482,"product":483,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":484},"debian linux","debian","debian_linux",[485,487,489],{"version":486,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":488,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"version":490,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":492,"vendor":493,"product":492,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":494},"fedora","fedoraproject",[495,497,499],{"version":496,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"28",{"version":498,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"29",{"version":500,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":9,"name":502,"vendor":503,"product":502,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":504},"leap","opensuse",[505,507,509],{"version":506,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"version":508,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"version":510,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.3",{"ecosystem":9,"name":512,"vendor":9,"product":512,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":513},"PHP",[514,521,525],{"version":515,"is_range":516,"range_type":96,"version_start":517,"version_start_type":518,"version_end":519,"version_end_type":520,"fixed_in":9},">= 7.1.x, \u003C 7.1.29",true,"7.1.x","including","7.1.29","excluding",{"version":522,"is_range":516,"range_type":96,"version_start":523,"version_start_type":518,"version_end":524,"version_end_type":520,"fixed_in":9},">= 7.2.x, \u003C 7.2.18","7.2.x","7.2.18",{"version":526,"is_range":516,"range_type":96,"version_start":527,"version_start_type":518,"version_end":528,"version_end_type":520,"fixed_in":9},">= 7.3.x, \u003C 7.3.5","7.3.x","7.3.5",{"ecosystem":9,"name":512,"vendor":9,"product":512,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":530},[531,534,537],{"version":532,"is_range":516,"range_type":469,"version_start":533,"version_start_type":518,"version_end":519,"version_end_type":520,"fixed_in":9},"gte7.1.0_lt7.1.29","7.1.0",{"version":535,"is_range":516,"range_type":469,"version_start":536,"version_start_type":518,"version_end":524,"version_end_type":520,"fixed_in":9},"gte7.2.0_lt7.2.18","7.2.0",{"version":538,"is_range":516,"range_type":469,"version_start":539,"version_start_type":518,"version_end":528,"version_end_type":520,"fixed_in":9},"gte7.3.0_lt7.3.5","7.3.0",{"ecosystem":9,"name":541,"vendor":542,"product":543,"cpe_part":544,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":545},"software collections","redhat","software_collections","a",[546],{"version":547,"is_range":84,"range_type":469,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.0"]