CVE-2019-11040 MEDIUM

CVE-2019-11040: Heap buffer overflow in EXIF extension

Vendor Php Group

Product PHP

Weakness CWE-125

Published June 18, 2019

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Key dates

02Disclosure timeline

June 18, 2019 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-11040 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/125.html

Related vulnerabilities

Identifiers

CVE CVE-2019-11040

CWE CWE-125

CVSS 4.8 / MEDIUM

Affected versions

Vendor Php Group

Product PHP

Affected 7.1.30

Vendor Php Group

Product PHP

Affected 7.2.19

Vendor Php Group

Product PHP

Affected 7.3.6

CVE-2019-11040: Heap buffer overflow in EXIF extension

01Description

02Disclosure timeline

03References

04Related CVE