CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CVE-2019-11040 (GCVE-0-2019-11040)
Vulnerability from cvelistv5 – Published: 2019-06-18 23:28 – Updated: 2024-09-16 17:23
VLAI
Title
Heap buffer overflow in EXIF extension
Summary
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Severity
4.8 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugs.php.net/bug.php?id=77988 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://access.redhat.com/errata/RHSA-2019:2519 | vendor-advisoryx_refsource_REDHAT |
| https://seclists.org/bugtraq/2019/Sep/35 | mailing-listx_refsource_BUGTRAQ |
| https://www.debian.org/security/2019/dsa-4527 | vendor-advisoryx_refsource_DEBIAN |
| https://www.debian.org/security/2019/dsa-4529 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Sep/38 | mailing-listx_refsource_BUGTRAQ |
| https://access.redhat.com/errata/RHSA-2019:3299 | vendor-advisoryx_refsource_REDHAT |
Impacted products
Date Public
2019-05-28 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77988"
},
{
"name": "openSUSE-SU-2019:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.1.30"
},
{
"status": "affected",
"version": "7.2.19"
},
{
"status": "affected",
"version": "7.3.6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "By orestiskourides at gmail dot com"
}
],
"datePublic": "2019-05-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T15:06:33.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=77988"
},
{
"name": "openSUSE-SU-2019:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=77988"
],
"discovery": "EXTERNAL"
},
"title": "Heap buffer overflow in EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-05-28T06:49:00.000Z",
"ID": "CVE-2019-11040",
"STATE": "PUBLIC",
"TITLE": "Heap buffer overflow in EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.1.30"
},
{
"version_value": "7.2.19"
},
{
"version_value": "7.3.6"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "By orestiskourides at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=77988",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=77988"
},
{
"name": "openSUSE-SU-2019:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://bugs.php.net/bug.php?id=77988"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11040",
"datePublished": "2019-06-18T23:28:28.320Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:23:01.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11041 (GCVE-0-2019-11041)
Vulnerability from cvelistv5 – Published: 2019-08-09 19:26 – Updated: 2024-09-16 19:31
VLAI
Title
heap-buffer-overflow on exif_scan_thumbnail in EXIF extension
Summary
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Severity
4.8 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
17 references
Impacted products
Date Public
2019-07-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=78222"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.1.x below 7.1.31"
},
{
"status": "affected",
"version": "7.2.x below 7.2.21"
},
{
"status": "affected",
"version": "7.3.x below 7.3.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "By orestiskourides at gmail dot com"
}
],
"datePublic": "2019-07-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:06:35.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=78222"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78222"
],
"discovery": "EXTERNAL"
},
"title": "heap-buffer-overflow on exif_scan_thumbnail in EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-07-30T03:21:00.000Z",
"ID": "CVE-2019-11041",
"STATE": "PUBLIC",
"TITLE": "heap-buffer-overflow on exif_scan_thumbnail in EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.1.x below 7.1.31"
},
{
"version_value": "7.2.x below 7.2.21"
},
{
"version_value": "7.3.x below 7.3.8"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "By orestiskourides at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=78222",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=78222"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190822-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"name": "https://support.apple.com/kb/HT210634",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"name": "https://support.apple.com/kb/HT210722",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://bugs.php.net/bug.php?id=78222"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11041",
"datePublished": "2019-08-09T19:26:34.152Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:31:07.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11042 (GCVE-0-2019-11042)
Vulnerability from cvelistv5 – Published: 2019-08-09 19:26 – Updated: 2024-09-17 02:15
VLAI
Title
heap-buffer-overflow on exif_process_user_comment in EXIF extension
Summary
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Severity
4.8 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
17 references
Impacted products
Date Public
2019-07-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=78256"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.1.x below 7.1.31"
},
{
"status": "affected",
"version": "7.2.x below 7.2.21"
},
{
"status": "affected",
"version": "7.3.x below 7.3.8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "By orestiskourides at gmail dot com"
}
],
"datePublic": "2019-07-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:06:23.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=78256"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78256"
],
"discovery": "EXTERNAL"
},
"title": "heap-buffer-overflow on exif_process_user_comment in EXIF extension",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-07-30T03:21:00.000Z",
"ID": "CVE-2019-11042",
"STATE": "PUBLIC",
"TITLE": "heap-buffer-overflow on exif_process_user_comment in EXIF extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.1.x below 7.1.31"
},
{
"version_value": "7.2.x below 7.2.21"
},
{
"version_value": "7.3.x below 7.3.8"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "By orestiskourides at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=78256",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=78256"
},
{
"name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
},
{
"name": "USN-4097-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4097-2/"
},
{
"name": "USN-4097-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4097-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190822-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
},
{
"name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/35"
},
{
"name": "DSA-4527",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4527"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "openSUSE-SU-2019:2271",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
},
{
"name": "https://support.apple.com/kb/HT210634",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210634"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Oct/9"
},
{
"name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/15"
},
{
"name": "https://support.apple.com/kb/HT210722",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/55"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://bugs.php.net/bug.php?id=78256"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11042",
"datePublished": "2019-08-09T19:26:34.193Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:15:56.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11046 (GCVE-0-2019-11046)
Vulnerability from cvelistv5 – Published: 2019-12-23 02:40 – Updated: 2024-09-16 17:52
VLAI
Title
Buffer underflow in bc_shift_addsub
Summary
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
14 references
Impacted products
Date Public
2019-12-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=78878"
},
{
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
},
{
"name": "FEDORA-2019-437d94e271",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
},
{
"name": "FEDORA-2019-a54a622670",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "USN-4239-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4239-1/"
},
{
"name": "openSUSE-SU-2020:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
},
{
"name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/27"
},
{
"name": "DSA-4626",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4626"
},
{
"name": "DSA-4628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4628"
},
{
"name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/31"
},
{
"name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2021/Jan/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.2.26",
"status": "affected",
"version": "7.2.x",
"versionType": "custom"
},
{
"lessThan": "7.3.13",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
},
{
"lessThan": "7.4.1",
"status": "affected",
"version": "7.4.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Submitted by thomas-josef dot riedmaier at siemens dot com"
}
],
"datePublic": "2019-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren\u0027t ASCII numbers. This can read to disclosure of the content of some memory locations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:06:40.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=78878"
},
{
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
},
{
"name": "FEDORA-2019-437d94e271",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
},
{
"name": "FEDORA-2019-a54a622670",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "USN-4239-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4239-1/"
},
{
"name": "openSUSE-SU-2020:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
},
{
"name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/27"
},
{
"name": "DSA-4626",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4626"
},
{
"name": "DSA-4628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4628"
},
{
"name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/31"
},
{
"name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2021/Jan/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78878"
],
"discovery": "EXTERNAL"
},
"title": "Buffer underflow in bc_shift_addsub",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
"ID": "CVE-2019-11046",
"STATE": "PUBLIC",
"TITLE": "Buffer underflow in bc_shift_addsub"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.2.x",
"version_value": "7.2.26"
},
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.13"
},
{
"version_affected": "\u003c",
"version_name": "7.4.x",
"version_value": "7.4.1"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Submitted by thomas-josef dot riedmaier at siemens dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren\u0027t ASCII numbers. This can read to disclosure of the content of some memory locations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=78878",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=78878"
},
{
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
},
{
"name": "FEDORA-2019-437d94e271",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
},
{
"name": "FEDORA-2019-a54a622670",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"name": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "USN-4239-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4239-1/"
},
{
"name": "openSUSE-SU-2020:0080",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
},
{
"name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/27"
},
{
"name": "DSA-4626",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4626"
},
{
"name": "DSA-4628",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4628"
},
{
"name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/31"
},
{
"name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2021/Jan/3"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78878"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11046",
"datePublished": "2019-12-23T02:40:17.526Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:52:45.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11047 (GCVE-0-2019-11047)
Vulnerability from cvelistv5 – Published: 2019-12-23 02:40 – Updated: 2024-09-17 04:24
VLAI
Title
Heap-buffer-overflow READ in exif
Summary
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Severity
4.8 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://bugs.php.net/bug.php?id=78910 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2020010… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://usn.ubuntu.com/4239-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://seclists.org/bugtraq/2020/Feb/27 | mailing-listx_refsource_BUGTRAQ |
| https://www.debian.org/security/2020/dsa-4626 | vendor-advisoryx_refsource_DEBIAN |
| https://www.debian.org/security/2020/dsa-4628 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2020/Feb/31 | mailing-listx_refsource_BUGTRAQ |
| https://seclists.org/bugtraq/2021/Jan/3 | mailing-listx_refsource_BUGTRAQ |
| https://www.tenable.com/security/tns-2021-14 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-12-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=78910"
},
{
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
},
{
"name": "FEDORA-2019-437d94e271",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
},
{
"name": "FEDORA-2019-a54a622670",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"name": "USN-4239-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4239-1/"
},
{
"name": "openSUSE-SU-2020:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
},
{
"name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/27"
},
{
"name": "DSA-4626",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4626"
},
{
"name": "DSA-4628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4628"
},
{
"name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/31"
},
{
"name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2021/Jan/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.2.26",
"status": "affected",
"version": "7.2.x",
"versionType": "custom"
},
{
"lessThan": "7.3.13",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
},
{
"lessThan": "7.4.1",
"status": "affected",
"version": "7.4.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19044"
}
],
"datePublic": "2019-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:07:26.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=78910"
},
{
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
},
{
"name": "FEDORA-2019-437d94e271",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
},
{
"name": "FEDORA-2019-a54a622670",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"name": "USN-4239-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4239-1/"
},
{
"name": "openSUSE-SU-2020:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
},
{
"name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/27"
},
{
"name": "DSA-4626",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4626"
},
{
"name": "DSA-4628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4628"
},
{
"name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/31"
},
{
"name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2021/Jan/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78910"
],
"discovery": "INTERNAL"
},
"title": "Heap-buffer-overflow READ in exif",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
"ID": "CVE-2019-11047",
"STATE": "PUBLIC",
"TITLE": "Heap-buffer-overflow READ in exif"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.2.x",
"version_value": "7.2.26"
},
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.13"
},
{
"version_affected": "\u003c",
"version_name": "7.4.x",
"version_value": "7.4.1"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19044"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=78910",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=78910"
},
{
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
},
{
"name": "FEDORA-2019-437d94e271",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
},
{
"name": "FEDORA-2019-a54a622670",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"name": "USN-4239-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4239-1/"
},
{
"name": "openSUSE-SU-2020:0080",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
},
{
"name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/27"
},
{
"name": "DSA-4626",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4626"
},
{
"name": "DSA-4628",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4628"
},
{
"name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/31"
},
{
"name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2021/Jan/3"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78910"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11047",
"datePublished": "2019-12-23T02:40:17.978Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:24:19.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11050 (GCVE-0-2019-11050)
Vulnerability from cvelistv5 – Published: 2019-12-23 02:40 – Updated: 2024-09-16 18:33
VLAI
Title
Use-after-free in exif parsing under memory sanitizer
Summary
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Severity
4.8 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://bugs.php.net/bug.php?id=78793 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2020010… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://usn.ubuntu.com/4239-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://seclists.org/bugtraq/2020/Feb/27 | mailing-listx_refsource_BUGTRAQ |
| https://www.debian.org/security/2020/dsa-4626 | vendor-advisoryx_refsource_DEBIAN |
| https://www.debian.org/security/2020/dsa-4628 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2020/Feb/31 | mailing-listx_refsource_BUGTRAQ |
| https://seclists.org/bugtraq/2021/Jan/3 | mailing-listx_refsource_BUGTRAQ |
| https://www.tenable.com/security/tns-2021-14 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-12-17 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=78793"
},
{
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
},
{
"name": "FEDORA-2019-437d94e271",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
},
{
"name": "FEDORA-2019-a54a622670",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"name": "USN-4239-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4239-1/"
},
{
"name": "openSUSE-SU-2020:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
},
{
"name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/27"
},
{
"name": "DSA-4626",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4626"
},
{
"name": "DSA-4628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4628"
},
{
"name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/31"
},
{
"name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2021/Jan/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.2.26",
"status": "affected",
"version": "7.2.x",
"versionType": "custom"
},
{
"lessThan": "7.3.13",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
},
{
"lessThan": "7.4.1",
"status": "affected",
"version": "7.4.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Submitted by Nikita Popov"
}
],
"datePublic": "2019-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:06:48.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=78793"
},
{
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
},
{
"name": "FEDORA-2019-437d94e271",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
},
{
"name": "FEDORA-2019-a54a622670",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"name": "USN-4239-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4239-1/"
},
{
"name": "openSUSE-SU-2020:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
},
{
"name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/27"
},
{
"name": "DSA-4626",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4626"
},
{
"name": "DSA-4628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4628"
},
{
"name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/31"
},
{
"name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2021/Jan/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78793"
],
"discovery": "INTERNAL"
},
"title": "Use-after-free in exif parsing under memory sanitizer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
"ID": "CVE-2019-11050",
"STATE": "PUBLIC",
"TITLE": "Use-after-free in exif parsing under memory sanitizer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.2.x",
"version_value": "7.2.26"
},
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.13"
},
{
"version_affected": "\u003c",
"version_name": "7.4.x",
"version_value": "7.4.1"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Submitted by Nikita Popov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=78793",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=78793"
},
{
"name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
},
{
"name": "FEDORA-2019-437d94e271",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
},
{
"name": "FEDORA-2019-a54a622670",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
},
{
"name": "USN-4239-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4239-1/"
},
{
"name": "openSUSE-SU-2020:0080",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
},
{
"name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/27"
},
{
"name": "DSA-4626",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4626"
},
{
"name": "DSA-4628",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4628"
},
{
"name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/31"
},
{
"name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2021/Jan/3"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=78793"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11050",
"datePublished": "2019-12-23T02:40:18.861Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:33:19.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11823 (GCVE-0-2019-11823)
Vulnerability from cvelistv5 – Published: 2020-05-04 10:00 – Updated: 2024-09-16 19:35
VLAI
Summary
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Severity
8.6 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synolo… | x_refsource_CONFIRM |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | Synology Router Manager (SRM) |
Affected:
unspecified , < 1.2.3-8017-2
(custom)
|
Date Public
2020-05-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synology Router Manager (SRM)",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.3-8017-2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-12T12:50:49.000Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2020-05-04T00:00:00",
"ID": "CVE-2019-11823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synology Router Manager (SRM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.3-8017-2"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_11",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_11"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1051",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2019-11823",
"datePublished": "2020-05-04T10:00:18.576Z",
"dateReserved": "2019-05-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:35:18.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11935 (GCVE-0-2019-11935)
Vulnerability from cvelistv5 – Published: 2019-12-04 16:25 – Updated: 2024-08-04 23:10
VLAI
Summary
Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
Severity
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://hhvm.com/blog/2019/10/28/security-update.html | x_refsource_CONFIRM |
| https://github.com/facebook/hhvm/commit/1c518555d… | x_refsource_CONFIRM |
| https://www.facebook.com/security/advisories/cve-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HHVM |
Affected:
4.28.2
Affected: 4.28.0 , < unspecified (custom) Affected: 4.27.1 Affected: 4.27.0 , < unspecified (custom) Affected: 4.26.1 Affected: 4.26.0 , < unspecified (custom) Affected: 4.25.1 Affected: 4.25.0 , < unspecified (custom) Affected: 4.24.1 Affected: 4.24.0 , < unspecified (custom) Affected: 4.23.2 Affected: 4.9.0 , < unspecified (custom) Affected: 4.8.6 Affected: 4.0.0 , < unspecified (custom) Affected: 3.30.12 Affected: unspecified , < 3.30.12 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:29.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://hhvm.com/blog/2019/10/28/security-update.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-11935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HHVM",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "4.28.2"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.27.1"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.26.1"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.25.1"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.24.1"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.23.2"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.8.6"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.30.12"
},
{
"lessThan": "3.30.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-10-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-04T16:25:20.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://hhvm.com/blog/2019/10/28/security-update.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-11935"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-10-28",
"ID": "CVE-2019-11935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "4.28.2"
},
{
"version_affected": "\u003e=",
"version_value": "4.28.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.27.1"
},
{
"version_affected": "\u003e=",
"version_value": "4.27.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.26.1"
},
{
"version_affected": "\u003e=",
"version_value": "4.26.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.25.1"
},
{
"version_affected": "\u003e=",
"version_value": "4.25.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.24.1"
},
{
"version_affected": "\u003e=",
"version_value": "4.24.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.23.2"
},
{
"version_affected": "\u003e=",
"version_value": "4.9.0"
},
{
"version_affected": "!=\u003e",
"version_value": "4.8.6"
},
{
"version_affected": "\u003e=",
"version_value": "4.0.0"
},
{
"version_affected": "!=\u003e",
"version_value": "3.30.12"
},
{
"version_affected": "\u003c",
"version_value": "3.30.12"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hhvm.com/blog/2019/10/28/security-update.html",
"refsource": "CONFIRM",
"url": "https://hhvm.com/blog/2019/10/28/security-update.html"
},
{
"name": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7",
"refsource": "CONFIRM",
"url": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7"
},
{
"name": "https://www.facebook.com/security/advisories/cve-2019-11935",
"refsource": "CONFIRM",
"url": "https://www.facebook.com/security/advisories/cve-2019-11935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2019-11935",
"datePublished": "2019-12-04T16:25:20.000Z",
"dateReserved": "2019-05-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:29.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13324 (GCVE-0-2019-13324)
Vulnerability from cvelistv5 – Published: 2019-10-03 21:28 – Updated: 2024-08-04 23:49
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782.
Severity
7.8 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.foxitsoftware.com/support/security-bu… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Foxit | Studio Photo |
Affected:
3.6.6.909
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-841/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Studio Photo",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "3.6.6.909"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-03T21:28:21.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-841/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Studio Photo",
"version": {
"version_data": [
{
"version_value": "3.6.6.909"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "Mat Powell of Trend Micro Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-841/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-841/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2019-13324",
"datePublished": "2019-10-03T21:28:21.000Z",
"dateReserved": "2019-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13325 (GCVE-0-2019-13325)
Vulnerability from cvelistv5 – Published: 2019-10-03 21:28 – Updated: 2024-08-04 23:49
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922.
Severity
7.8 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.foxitsoftware.com/support/security-bu… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Foxit | Studio Photo |
Affected:
3.6.6.909
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-842/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Studio Photo",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "3.6.6.909"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-03T21:28:21.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-842/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-13325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Studio Photo",
"version": {
"version_data": [
{
"version_value": "3.6.6.909"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"credit": "Mat Powell of Trend Micro Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-842/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-842/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2019-13325",
"datePublished": "2019-10-03T21:28:21.000Z",
"dateReserved": "2019-07-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Phase: Architecture and Design
Strategy: Language Selection
Description:
- Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.