Description
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
References (8)
Core 8
Core References
Exploit, Mailing List, Vendor Advisory x_refsource_confirm
https://bugs.php.net/bug.php?id=77988
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2519
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/35
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4527
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4529
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/38
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3299
Scores
CVSS v3
9.1
EPSS
0.0121
EPSS Percentile
79.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (6)
debian/debian_linux
9.0
debian/debian_linux
10.0
opensuse/leap
15.0
opensuse/leap
15.1
php/php
7.1.0 - 7.1.30
redhat/software_collections
1.0
Published
Jun 19, 2019
Tracked Since
Feb 18, 2026