CVE-2019-11047

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-11047
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11047.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11047
Related
Published
2019-12-23T03:15:11Z
Modified
2024-09-02T23:07:10Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
Summary
[none]
Details

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events