CVE-2019-11042

Опубликовано: 09 авг. 2019

Источник: redhat

CVSS3: 3.7

Описание

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	php	Out of support scope
Red Hat Enterprise Linux 5	php53	Out of support scope
Red Hat Enterprise Linux 6	php	Out of support scope
Red Hat Enterprise Linux 7	php	Fix deferred
Red Hat Software Collections	rh-php70-php	Fix deferred
Red Hat Software Collections	rh-php71-php	Out of support scope
Red Hat Software Collections	rh-php73-php	Not affected
Red Hat Enterprise Linux 8	php	Fixed	RHSA-2020:1624	28.04.2020
Red Hat Enterprise Linux 8	php	Fixed	RHSA-2020:3662	08.09.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7	rh-php72-php	Fixed	RHSA-2019:3299	01.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-120

https://bugzilla.redhat.com/show_bug.cgi?id=1739465php: Heap buffer over-read in exif_process_user_comment()

3.7 Low

CVSS3

Связанные уязвимости

CVE-2019-11042

CVSS3: 7.1

ubuntu

почти 6 лет назад

CVE-2019-11042

CVSS3: 7.1

nvd

почти 6 лет назад

CVE-2019-11042

CVSS3: 7.1

debian

почти 6 лет назад

When PHP EXIF extension is parsing EXIF information from an image, e.g ...

GHSA-pg67-q5vx-48xq

CVSS3: 7.1

github

около 3 лет назад

openSUSE-SU-2019:2271-1

suse-cvrf

больше 5 лет назад

Security update for php7

3.7 Low

CVSS3