CVE-2019-11034

Опубликовано: 18 апр. 2019

Источник: nvd

CVSS3: 4.8

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2519
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3299
Third Party Advisory
https://bugs.php.net/bug.php?id=77753
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/38
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190502-0001/
Third Party Advisory
https://support.f5.com/csp/article/K44590877
Third Party Advisory
https://usn.ubuntu.com/3953-1/
Third Party Advisory
https://usn.ubuntu.com/3953-2/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4529
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2519
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3299
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Версия от 7.1.0 (включая) до 7.1.28 (исключая)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Версия от 7.2.9 (включая) до 7.2.17 (исключая)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Версия от 7.3.0 (включая) до 7.3.4 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03536

Низкий

4.8 Medium

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2019-11034

CVSS3: 9.1

ubuntu

около 6 лет назад

CVE-2019-11034

CVSS3: 6.5

redhat

больше 6 лет назад

CVE-2019-11034

CVSS3: 9.1

debian

около 6 лет назад

When processing certain files, PHP EXIF extension in versions 7.1.x be ...

GHSA-x3rx-2m8v-q2vm

CVSS3: 9.1

github

около 3 лет назад

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

BDU:2020-01418

CVSS3: 9.1

fstec

больше 6 лет назад

Уязвимость функции exif_process_IFD_TAG интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к информации или вызвать отказ в обслуживании

EPSS

Процентиль: 87%

0.03536

Низкий

4.8 Medium

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-125