CVE-2019-9639

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-9639
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9639.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-9639
Downstream
Related
Published
2019-03-09T00:29:00.600Z
Modified
2026-03-15T22:30:34.249383Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the data_len variable.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2e280a77845f3ca94ef19a1872106c52ad1cf4e3
Introduced
8148cbb78841c8ec0759c0836e7f35dec799d300
Fixed
260468acea4651c4721ec6fd3fa5f233deea2bca
Introduced
52ace952a1b65ca80fc2617f11c2fa6dd03f51bd
Fixed
9ebd7f36b1bcbb2b425ab8e903846f3339d6d566
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5dc92c2117cafc61daaaaa240fd46c3ac33872a4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c7fdb98bc59fe743c682e1362456474da6c92402
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.1.27"
        },
        {
            "introduced": "7.2.0"
        },
        {
            "fixed": "7.2.16"
        },
        {
            "introduced": "7.3.0"
        },
        {
            "fixed": "7.3.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9639.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "42.3"
            }
        ]
    }
]