9.1

CVE-2019-11036

EPSS 1.45%
Veröffentlicht 03.05.2019 20:29:00
Zuletzt bearbeitet 21.11.2024 04:20:24
Quelle security@php.net
CVE-Watchlists
Login
Unerledigt
Login

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Php ≫ Php Version >= 7.1.0 < 7.1.29

Php ≫ Php Version >= 7.2.0 < 7.2.18

Php ≫ Php Version >= 7.3.0 < 7.3.5

Fedoraproject ≫ Fedora Version28

Fedoraproject ≫ Fedora Version29

Fedoraproject ≫ Fedora Version30

Redhat ≫ Software Collections Version1.0

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Canonical ≫ Ubuntu Linux Version19.04

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version42.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.45%	0.802

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P
security@php.net	4.8	2.2	2.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-126 Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

https://access.redhat.com/errata/RHSA-2019:2519

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3299

Third Party Advisory

https://usn.ubuntu.com/3566-2/

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html

Third Party Advisory

Mailing List

https://seclists.org/bugtraq/2019/Sep/38

Third Party Advisory

Mailing List

https://www.debian.org/security/2019/dsa-4529

Third Party Advisory

http://www.securityfocus.com/bid/108177

Third Party Advisory

VDB Entry

https://bugs.php.net/bug.php?id=77950

Vendor Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NFXYNCXZCPYT7ZN4ZLI5EPQQW44FRRO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BY2XUUAN277LS7HKAOGL4DVGAELOJV3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WN2HLPGEZEF4MFM5YC5FILZB5QEQFP3A/

https://seclists.org/bugtraq/2019/Sep/35

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20190517-0003/

Third Party Advisory

https://usn.ubuntu.com/4009-1/

Third Party Advisory

https://www.debian.org/security/2019/dsa-4527

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-11036

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11036

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11036

EUVD