CVE-2019-11036

Summary

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP7.1.x < 7.1.29affected
PHP GroupPHP7.2.x < 7.2.18affected
PHP GroupPHP7.3.x < 7.3.5affected

Weaknesses

  • CWE-126: CWE-126 Buffer Over-read

ADP Enrichment

CVE Program Container

Additional References

References