CVE-2019-9640

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-9640

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9640.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-9640

Related

ALSA-2020:1624
DLA-1741-1
DSA-4403-1
RHSA-2019:2519
RHSA-2019:3299
RHSA-2020:1624
RLSA-2020:1624
SUSE-SU-2019:0988-1
SUSE-SU-2019:1325-1
SUSE-SU-2019:14013-1
SUSE-SU-2019:1461-1
SUSE-SU-2022:4067-1
UBUNTU-CVE-2019-9640
USN-3922-1
USN-3922-2
openSUSE-SU-2019:1572-1
openSUSE-SU-2019:1573-1
openSUSE-SU-2024:11167-1
openSUSE-SU-2024:11169-1

Published

2019-03-09T00:29:00Z

Modified

2024-09-02T23:07:10Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exifprocessSOFn.

References

https://access.redhat.com/errata/RHSA-2019:2519
https://access.redhat.com/errata/RHSA-2019:3299
https://bugs.php.net/bug.php?id=77540
https://security.netapp.com/advisory/ntap-20190502-0007/
https://www.debian.org/security/2019/dsa-4403
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html
https://usn.ubuntu.com/3922-1/
https://usn.ubuntu.com/3922-2/
https://usn.ubuntu.com/3922-3/

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

0221e9f827632942225586687a33cfd554860d5e

Fixed

2e280a77845f3ca94ef19a1872106c52ad1cf4e3