Podatność CVE-2019-11041


Publikacja: 2019-08-09

Opis:
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

Typ:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Producent: Debian
Produkt: Debian linux 
Wersje: 8.0;
Producent: PHP
Produkt: PHP 
Wersje:
7.3.6
7.3.5
7.3.4
7.3.3
7.3.2
7.3.1
7.3.0
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.19
7.2.18
7.2.17
7.2.16
7.2.15
7.2.14
7.2.13
7.2.12
7.2.11
7.2.10
7.2.1
7.2.0
7.1.9
7.1.8
7.1.7
7.1.6
7.1.5
7.1.4
7.1.30
7.1.3
7.1.29
7.1.28
7.1.27
7.1.26
7.1.25
7.1.24
7.1.23
7.1.22
7.1.21
7.1.20
7.1.2
7.1.19
7.1.18
7.1.17
7.1.16
7.1.15
7.1.14
7.1.13
7.1.12
7.1.11
7.1.10
7.1.1
7.1.0
Producent: Canonical
Produkt: Ubuntu linux 
Wersje:
19.04
18.04
16.04
14.04
12.04

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
6.8/10
6.4/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Częściowy
Częściowy

 Referencje:
https://bugs.php.net/bug.php?id=78222
https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html
https://security.netapp.com/advisory/ntap-20190822-0003/
https://usn.ubuntu.com/4097-1/
https://usn.ubuntu.com/4097-2/

Podobne CVE
CVE-2019-10197
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared ...
CVE-2019-15717
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
CVE-2019-11476
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-exec...
CVE-2019-15133
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
CVE-2019-9851
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calli...
CVE-2019-9850
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify tha...
CVE-2019-13377
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able...
CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater h...

Copyright 2019, cxsecurity.com

 

Back to Top