CVE-2019-11034

Summary

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP7.1.x < 7.1.28affected
PHP GroupPHP7.2.x < 7.2.17affected
PHP GroupPHP7.3.x < 7.3.4affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

References