Lucene search

K

GoogleOSV:CVE-2019-11034

HistoryApr 18, 2019 - 5:29 p.m.

CVE-2019-11034

2019-04-1817:29:00

Google

osv.dev

5

6.5 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.6%

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html

access.redhat.com/errata/RHSA-2019:2519

access.redhat.com/errata/RHSA-2019:3299

bugs.php.net/bug.php?id=77753

lists.debian.org/debian-lts-announce/2019/05/msg00035.html

seclists.org/bugtraq/2019/Sep/38

security.netapp.com/advisory/ntap-20190502-0001/

support.f5.com/csp/article/K44590877

usn.ubuntu.com/3953-1/

usn.ubuntu.com/3953-2/

www.debian.org/security/2019/dsa-4529

6.5 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.6%

Related for OSV:CVE-2019-11034

debiancve1 veracode1 cve1 alpinelinux1 ubuntucve1 nvd1 prion1 redhatcve1 cvelist1 openvas19 nessus33 ubuntu2 freebsd1 f51 ibm2 debian2 osv4 suse4 amazon1 oraclelinux1 redhat3 rocky1 almalinux1