CVE-2019-11041
- Source
- https://cve.org/CVERecord?id=CVE-2019-11041
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11041.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11041
- Downstream
- Related
- Published
- 2019-08-09T20:15:11.050Z
- Modified
- 2026-04-10T04:14:03.189570Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
- References
-
- https://usn.ubuntu.com/4097-1/
- https://usn.ubuntu.com/4097-2/
- https://www.debian.org/security/2019/dsa-4527
- https://seclists.org/bugtraq/2019/Oct/9
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html
- https://access.redhat.com/errata/RHSA-2019:3299
- https://seclists.org/bugtraq/2019/Sep/35
- https://www.debian.org/security/2019/dsa-4529
- http://seclists.org/fulldisclosure/2019/Oct/15
- http://seclists.org/fulldisclosure/2019/Oct/55
- https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html
- https://seclists.org/bugtraq/2019/Sep/38
- https://support.apple.com/kb/HT210634
- https://www.tenable.com/security/tns-2021-14
- https://security.netapp.com/advisory/ntap-20190822-0003/
- https://support.apple.com/kb/HT210722
- https://bugs.php.net/bug.php?id=78222
Affected packages
Git / github.com/php/php-src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "7.1.0" }, { "fixed": "7.1.31" }, { "introduced": "7.2.0" }, { "fixed": "7.2.21" }, { "introduced": "7.3.0" }, { "fixed": "7.3.8" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "1.0" } ] }
Affected versions
Other
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
RELEASE_1_0
php-7.*
php-7.3.8RC1
php-8.*
php-8.0.0
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.15.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.19.0"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11041.json"