Information disclosure

2019-12-2303:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.3%

JSON

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

CPENameOperatorVersion
ubuntu_linuxeq18.04
ubuntu_linuxeq19.04
ubuntu_linuxeq14.04
ubuntu_linuxeq19.10
ubuntu_linuxeq16.04
ubuntu_linuxeq12.04
debian_linuxeq8.0
debian_linuxeq9.0
debian_linuxeq10.0
fedoraeq30

Name	Operator	Version
ubuntu_linux	eq	18.04
ubuntu_linux	eq	19.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	19.10
ubuntu_linux	eq	16.04
ubuntu_linux	eq	12.04
debian_linux	eq	8.0
debian_linux	eq	9.0
debian_linux	eq	10.0
fedora	eq	30