CVE-2019-11040
Advisory lineage Upstream: 0 Downstream: 18
Modified
Published: 18 Jun 2019, 23:28
Last modified:16 Sept 2024, 17:23
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.1 CRITICAL
v3.1 (nvd)
EPSS Score
1.21% LOW
1% probability -0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
18 Jun 2019, 23:28
Published
Vulnerability first disclosed
16 Sept 2024, 17:23
Last Modified
Vulnerability information updated
Description
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
- v3.0•MEDIUM•Score: 4.8CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
- v2.0•MEDIUM•Score: 6.4AV:N/AC:L/Au:N/C:P/I:N/A:P
EPSS Trends
Current EPSS score: 1.21%• Percentile: 79%
Techniques & Countermeasures
- CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
Affected Systems
- debian•debian_linux
9.0 | 10.0
- opensuse•leap
15.0 | 15.1
- Unknown•PHP
7.1.30 | 7.2.19 | 7.3.6
- Unknown•PHP
≥ 7.1.0, < 7.1.30 | ≥ 7.2.0, < 7.2.19 | ≥ 7.3.0, < 7.3.6
- redhat•software_collections
1.0
References (8)
- https://bugs.php.net/bug.php?id=77988
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html
- https://access.redhat.com/errata/RHSA-2019:2519
- https://seclists.org/bugtraq/2019/Sep/35
- https://www.debian.org/security/2019/dsa-4527
- https://www.debian.org/security/2019/dsa-4529
- https://seclists.org/bugtraq/2019/Sep/38
- https://access.redhat.com/errata/RHSA-2019:3299