0.006 Low
EPSS
Percentile
79.0%
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
bugzilla.redhat.com/show_bug.cgi?id=1702246
nvd.nist.gov/vuln/detail/CVE-2019-11035
www.cve.org/CVERecord?id=CVE-2019-11035