CVE-2019-11035

CRITICAL

Php < 7.1.28 - Out-of-Bounds Read

Title source: rule
STIX 2.1

Description

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.

References (14)

Core 14
Core References
Exploit, Mailing List, Vendor Advisory x_refsource_misc
https://bugs.php.net/bug.php?id=77831
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3953-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3953-2/
Patch, Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190502-0001/
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K44590877
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2519
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4529
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/38
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3299

Scores

CVSS v3 9.1
EPSS 0.0297
EPSS Percentile 86.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-125
Status published
Products (14)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 18.10
canonical/ubuntu_linux 19.04
debian/debian_linux 8.0
debian/debian_linux 9.0
netapp/storage_automation_store
opensuse/leap 15.0
... and 4 more
Published Apr 18, 2019
Tracked Since Feb 18, 2026