CVE-2019-11050

Sažetak

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Reference

https://bugs.php.net/bug.php?id=78793
https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html
https://security.netapp.com/advisory/ntap-20200103-0002/
https://usn.ubuntu.com/4239-1/
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html
https://seclists.org/bugtraq/2020/Feb/27
https://www.debian.org/security/2020/dsa-4626
https://seclists.org/bugtraq/2020/Feb/31
https://www.debian.org/security/2020/dsa-4628
https://seclists.org/bugtraq/2021/Jan/3
https://www.tenable.com/security/tns-2021-14
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:P

Zadnje važnije ažuriranje

07-11-2023 - 03:02

Objavljeno

23-12-2019 - 03:15