gsd-2019-11041
Vulnerability from gsd
Modified
2023-12-13 01:24
Details
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2019-11041",
    "description": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",
    "id": "GSD-2019-11041",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-11041.html",
      "https://www.debian.org/security/2019/dsa-4529",
      "https://www.debian.org/security/2019/dsa-4527",
      "https://access.redhat.com/errata/RHSA-2020:3662",
      "https://access.redhat.com/errata/RHSA-2020:1624",
      "https://access.redhat.com/errata/RHSA-2019:3299",
      "https://ubuntu.com/security/CVE-2019-11041",
      "https://advisories.mageia.org/CVE-2019-11041.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2019-11041.html",
      "https://linux.oracle.com/cve/CVE-2019-11041.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-11041"
      ],
      "details": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.",
      "id": "GSD-2019-11041",
      "modified": "2023-12-13T01:24:00.736849Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "AKA": "",
        "ASSIGNER": "security@php.net",
        "DATE_PUBLIC": "2019-07-30T03:21:00.000Z",
        "ID": "CVE-2019-11041",
        "STATE": "PUBLIC",
        "TITLE": "heap-buffer-overflow on exif_scan_thumbnail in EXIF extension"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PHP",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.1.x below 7.1.31"
                        },
                        {
                          "version_value": "7.2.x below 7.2.21"
                        },
                        {
                          "version_value": "7.3.x below 7.3.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "PHP Group"
            }
          ]
        }
      },
      "configuration": [],
      "credit": [
        {
          "lang": "eng",
          "value": "By orestiskourides at gmail dot com"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
          }
        ]
      },
      "exploit": [],
      "generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-125 Out-of-bounds Read"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugs.php.net/bug.php?id=78222",
            "refsource": "CONFIRM",
            "url": "https://bugs.php.net/bug.php?id=78222"
          },
          {
            "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
          },
          {
            "name": "USN-4097-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4097-2/"
          },
          {
            "name": "USN-4097-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4097-1/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190822-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
          },
          {
            "name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/Sep/35"
          },
          {
            "name": "DSA-4527",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2019/dsa-4527"
          },
          {
            "name": "DSA-4529",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2019/dsa-4529"
          },
          {
            "name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/Sep/38"
          },
          {
            "name": "openSUSE-SU-2019:2271",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
          },
          {
            "name": "https://support.apple.com/kb/HT210634",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT210634"
          },
          {
            "name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/Oct/9"
          },
          {
            "name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/Oct/15"
          },
          {
            "name": "https://support.apple.com/kb/HT210722",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT210722"
          },
          {
            "name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/Oct/55"
          },
          {
            "name": "RHSA-2019:3299",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3299"
          },
          {
            "name": "https://www.tenable.com/security/tns-2021-14",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ]
      },
      "solution": [],
      "source": {
        "advisory": "",
        "defect": [
          "https://bugs.php.net/bug.php?id=78222"
        ],
        "discovery": "EXTERNAL"
      },
      "work_around": []
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.1.31",
                "versionStartIncluding": "7.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.21",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.8",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "ID": "CVE-2019-11041"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=78222",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://bugs.php.net/bug.php?id=78222"
            },
            {
              "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1878-1] php5 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html"
            },
            {
              "name": "USN-4097-2",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4097-2/"
            },
            {
              "name": "USN-4097-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4097-1/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190822-0003/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190822-0003/"
            },
            {
              "name": "20190920 [SECURITY] [DSA 4527-1] php7.3 security update",
              "refsource": "BUGTRAQ",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/35"
            },
            {
              "name": "DSA-4527",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4527"
            },
            {
              "name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
              "refsource": "BUGTRAQ",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/38"
            },
            {
              "name": "DSA-4529",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4529"
            },
            {
              "name": "openSUSE-SU-2019:2271",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html"
            },
            {
              "name": "https://support.apple.com/kb/HT210634",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT210634"
            },
            {
              "name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
              "refsource": "BUGTRAQ",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/bugtraq/2019/Oct/9"
            },
            {
              "name": "20191008 APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/15"
            },
            {
              "name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/55"
            },
            {
              "name": "RHSA-2019:3299",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3299"
            },
            {
              "name": "https://support.apple.com/kb/HT210722",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT210722"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2023-02-28T15:13Z",
      "publishedDate": "2019-08-09T20:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.