CVE-2019-9640

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-9640
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9640.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-9640
Downstream
Related
Published
2019-03-09T00:29:00.647Z
Modified
2026-04-10T04:20:54.431421Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exifprocessSOFn.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0221e9f827632942225586687a33cfd554860d5e
Fixed
2e280a77845f3ca94ef19a1872106c52ad1cf4e3
Introduced
8148cbb78841c8ec0759c0836e7f35dec799d300
Fixed
260468acea4651c4721ec6fd3fa5f233deea2bca
Introduced
52ace952a1b65ca80fc2617f11c2fa6dd03f51bd
Fixed
9ebd7f36b1bcbb2b425ab8e903846f3339d6d566
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5dc92c2117cafc61daaaaa240fd46c3ac33872a4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c7fdb98bc59fe743c682e1362456474da6c92402
Database specific 
{
    "versions": [
        {
            "introduced": "7.1.0"
        },
        {
            "fixed": "7.1.27"
        },
        {
            "introduced": "7.2.0"
        },
        {
            "fixed": "7.2.16"
        },
        {
            "introduced": "7.3.0"
        },
        {
            "fixed": "7.3.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        }
    ]
}

Affected versions

Other
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
RELEASE_1_0
php-7.*
php-7.3.3RC1
php-8.*
php-8.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9640.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "42.3"
            }
        ]
    }
]