CVE-2019-11040 Information
Share on:Description
When PHP EXIF extension is parsing EXIF information from an image e.g. via exif_read_data() function in PHP versions 7.1.x below 7.1.30 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Reference
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77988 https://seclists.org/bugtraq/2019/Sep/35 https://seclists.org/bugtraq/2019/Sep/38 https://www.debian.org/security/2019/dsa-4527 https://www.debian.org/security/2019/dsa-4529
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
HIGH
Base Severity
9.1