Lucene search
Veracode Vulnerability DatabaseVERACODE:21339HistoryAug 20, 2019 - 12:10 a.m.
Information Disclosure
2019-08-2000:10:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
26
0.008 Low
EPSS
Percentile
82.2%
php is vulnerable to denial of service. An attacker is able to read past allocated buffer in the function exif_read_data() by passing malicious EXIF data to the PHP EXIF extension. This can also potentially lead to an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rh-php71-php | eq | 7.1.8__1.el7 | |
| rh-php72-php | eq | 7.2.10__3.el7 |
References
lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html
access.redhat.com/errata/RHSA-2019:2519
access.redhat.com/errata/RHSA-2019:3299
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=77988
seclists.org/bugtraq/2019/Sep/35
seclists.org/bugtraq/2019/Sep/38
www.debian.org/security/2019/dsa-4527
www.debian.org/security/2019/dsa-4529
Related
altlinux
altlinux
Security fix for the ALT Linux 9 package php7 version 7.2.19-alt1
2019-06-02 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 7.2.19-alt1
2019-06-01 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.2.19-alt1
2019-06-01 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1881)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-4009-2)
2022-08-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1725-1)
2021-06-09 00:00:00
debiancve
debiancve
CVE-2019-11040
2019-06-19 00:15:12
redhatcve
redhatcve
CVE-2019-11040
2019-06-26 11:22:34
nvd
nvd
CVE-2019-11040
2019-06-19 00:15:12
prion
prion
Information disclosure
2019-06-19 00:15:00
cve
cve
CVE-2019-11040
2019-06-19 00:15:12
osv
osv
CVE-2019-11040
2019-06-19 00:15:12
php5 - security update
2019-06-03 00:00:00
php7.3 - security update
2019-09-19 00:00:00
alpinelinux
alpinelinux
CVE-2019-11040
2019-06-19 00:15:12
nessus
nessus
EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1881)
2019-09-16 00:00:00
SUSE SLES12 Security Update : php72 (SUSE-SU-2019:1724-1)
2019-07-03 00:00:00
SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2019:1832-1)
2019-07-15 00:00:00
hackerone
hackerone
Internet Bug Bounty: Out of Bounds Memory Read in php_jpg_get16
2019-08-01 05:45:21
cvelist
cvelist
CVE-2019-11040 Heap buffer overflow in EXIF extension
2019-05-28 00:00:00
ubuntucve
ubuntucve
CVE-2019-11040
2019-06-03 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2019-06-05 00:00:00
PHP vulnerabilities
2019-06-05 00:00:00
suse
suse
Security update for php7 (moderate)
2019-07-21 00:00:00
debian
debian
[SECURITY] [DLA 1813-1] php5 security update
2019-06-03 11:19:11
[SECURITY] [DSA 4527-1] php7.3 security update
2019-09-19 20:47:45
[SECURITY] [DSA 4529-1] php7.0 security update
2019-09-20 17:58:44
amazon
amazon
Medium: php71, php72, php73
2019-07-17 23:33:00
ibm
ibm
fedora
fedora
[SECURITY] Fedora 30 Update: php-7.3.6-1.fc30
2019-06-06 01:07:20
[SECURITY] Fedora 29 Update: php-7.2.19-2.fc29
2019-06-08 02:13:48
rocky
rocky
php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
almalinux
almalinux
Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
redhat
redhat
(RHSA-2020:1624) Moderate: php:7.2 security, bug fix, and enhancement update
2020-04-28 08:57:54
(RHSA-2019:3299) Critical: rh-php72-php security update
2019-11-01 12:22:19
(RHSA-2020:3662) Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
oraclelinux
oraclelinux
php:7.2 security, bug fix, and enhancement update
2020-05-05 00:00:00
php:7.3 security, bug fix, and enhancement update
2020-09-09 00:00:00