When processing certain files, the PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past the allocated buffer in the exif_process_IFD_TAG function. This may lead to information disclosure or a crash.
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
http://www.securityfocus.com/bid/108177
https://access.redhat.com/errata/RHSA-2019:2519
https://access.redhat.com/errata/RHSA-2019:3299
https://bugs.php.net/bug.php?id=77950
https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html
https://seclists.org/bugtraq/2019/Sep/35
https://seclists.org/bugtraq/2019/Sep/38
https://security.netapp.com/advisory/ntap-20190517-0003/
https://usn.ubuntu.com/3566-2/
https://usn.ubuntu.com/4009-1/
Source: MITRE
Published: 2019-05-03
Updated: 2020-10-02
Type: CWE-125
CVSS v2 Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.1 Base Score: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Impact Score: 5.2
Exploitability Score: 3.9
Severity: CRITICAL
OR
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
OR
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
OR
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
OR
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
145814 | CentOS 8 : php:7.2 (CESA-2020:1624) | Nessus | CentOS Local Security Checks | high |
142352 | EulerOS 2.0 SP2 : php (EulerOS-SA-2020-2384) | Nessus | Huawei Local Security Checks | high |
140834 | EulerOS 2.0 SP3 : php (EulerOS-SA-2020-2067) | Nessus | Huawei Local Security Checks | high |
136057 | RHEL 8 : php:7.2 (RHSA-2020:1624) | Nessus | Red Hat Local Security Checks | high |
129107 | Debian DSA-4529-1 : php7.0 - security update | Nessus | Debian Local Security Checks | medium |
129073 | Debian DSA-4527-1 : php7.3 - security update | Nessus | Debian Local Security Checks | medium |
126282 | EulerOS 2.0 SP8 : php (EulerOS-SA-2019-1655) | Nessus | Huawei Local Security Checks | medium |
126035 | openSUSE Security Update : php7 (openSUSE-2019-1573) | Nessus | SuSE Local Security Checks | high |
126034 | openSUSE Security Update : php7 (openSUSE-2019-1572) | Nessus | SuSE Local Security Checks | high |
125904 | Amazon Linux AMI : php71 / php72,php73 (ALAS-2019-1225) | Nessus | Amazon Linux Local Security Checks | medium |
125850 | SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:1461-1) | Nessus | SuSE Local Security Checks | high |
125769 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : php7.0, php7.2 vulnerabilities (USN-4009-1) | Nessus | Ubuntu Local Security Checks | medium |
125700 | openSUSE Security Update : php5 (openSUSE-2019-1503) | Nessus | SuSE Local Security Checks | medium |
125699 | openSUSE Security Update : php7 (openSUSE-2019-1501) | Nessus | SuSE Local Security Checks | medium |
125538 | SUSE SLES12 Security Update : php7 (SUSE-SU-2019:1365-1) | Nessus | SuSE Local Security Checks | medium |
125471 | SUSE SLES12 Security Update : php72 (SUSE-SU-2019:1360-1) | Nessus | SuSE Local Security Checks | medium |
125457 | SUSE SLES12 Security Update : php5 (SUSE-SU-2019:1325-1) | Nessus | SuSE Local Security Checks | medium |
125409 | Debian DLA-1803-1 : php5 security update | Nessus | Debian Local Security Checks | medium |
125352 | Ubuntu 14.04 LTS : PHP vulnerabilities (USN-3566-2) | Nessus | Ubuntu Local Security Checks | high |
98601 | PHP 7.1.x < 7.1.29 Heap-based Buffer Overflow Vulnerability | Web Application Scanning | Component Vulnerability | medium |
98600 | PHP 7.2.x < 7.2.18 Heap-based Buffer Overflow Vulnerability | Web Application Scanning | Component Vulnerability | medium |
98599 | PHP 7.3.x < 7.3.5 Heap-based Buffer Overflow Vulnerability | Web Application Scanning | Component Vulnerability | medium |
124784 | Fedora 28 : php (2019-bab3944fee) | Nessus | Fedora Local Security Checks | medium |
124783 | Fedora 29 : php (2019-6e325234a4) | Nessus | Fedora Local Security Checks | medium |
124782 | Fedora 30 : php (2019-6350c4e21a) | Nessus | Fedora Local Security Checks | medium |
124764 | PHP 7.3.x < 7.3.5 Heap-based Buffer Overflow Vulnerability. | Nessus | CGI abuses | medium |
124763 | PHP 7.2.x < 7.2.18 Heap-based Buffer Overflow Vulnerability. | Nessus | CGI abuses | medium |
124762 | PHP 7.1.x < 7.1.29 Heap-based Buffer Overflow Vulnerability. | Nessus | CGI abuses | medium |